
CyberWire Daily Sunny-side spyware. [Research Saturday]
Sep 27, 2025
Join Martin Zugec, Technical Solutions Director at Bitdefender, as he dives into the cunning world of the Curly COMrades APT and Bitdefender's research on EggStreme, a sophisticated malware framework attributed to a newly identified China-aligned group and found targeting a Philippine military company. Martin details stealthy tactics like DLL sideloading and in-memory execution, which make detection a challenge. He shares insights on the actors' geopolitical motivations, their persistence methods, and the defensive measures organizations can take to combat such advanced threats.
AI Snips
Geopolitical Targeting And Broad Infrastructure
- Curly COMrades is an APT focused on long-term data exfiltration in the geopolitical hotbeds between Russia and Europe.
- The group used many compromised legitimate websites as traffic relays, implying a broader victim set than the one observed.
Resocks Lead Sparked The Investigation
- Bitdefender first detected the activity when it saw an attempt to deploy a Resocks (reverse SOCKS proxy) client, then found more compromised machines and credentials.
- That initial Resocks lead expanded into a months-long forensic investigation across multiple victims.
MucorAgent Is A Core Toolkit Component
- MucorAgent was a core, recurring component found across multiple infected systems and drew particular interest.
- It is written in .NET and executes PowerShell, in line with modern APT toolkits that blend custom and script-based capabilities.
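The two behaviours this page mentions, a .NET implant that executes PowerShell and DLL sideloading, both leave a trace in image-load telemetry. The following detection logic is an added example written for this page, not Bitdefender's detection content and not code from the research discussed; it runs two heuristic rules over constructed Sysmon-style Event ID 7 (ImageLoad) records. Rule 1 assumes the implant hosts the PowerShell engine in-process (loading System.Management.Automation.dll into a non-PowerShell process); the page does not say how MucorAgent runs PowerShell, so if it instead spawns powershell.exe you would need a process-creation rule keyed on the parent instead. Rule 2 flags an unsigned DLL loaded from the same directory as its host executable, the classic sideloading layout. All log lines, paths and process names below are constructed for the example.

```python
"""Heuristic detections over constructed Sysmon-style ImageLoad (Event ID 7) records.

Added example for this page; not the research's own tooling. Sample log lines,
paths and process names are constructed, not real telemetry.
"""
import json
import ntpath

# Constructed Sysmon-style Event ID 7 records, one JSON object per line.
SAMPLE_LOG_LINES = [
    # Benign: the real PowerShell host loads its own engine from the GAC.
    r'{"EventID": 7, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", '
    r'"ImageLoaded": "C:\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation\\System.Management.Automation.dll", '
    r'"Signed": "true", "Signature": "Microsoft Corporation"}',
    # Suspicious: an unknown .NET binary in ProgramData loads the PowerShell engine in-process.
    r'{"EventID": 7, "Image": "C:\\ProgramData\\Updater\\svc.exe", '
    r'"ImageLoaded": "C:\\Windows\\Microsoft.NET\\assembly\\GAC_MSIL\\System.Management.Automation\\System.Management.Automation.dll", '
    r'"Signed": "true", "Signature": "Microsoft Corporation"}',
    # Suspicious: the same binary loads an unsigned DLL from its own directory (sideloading layout).
    r'{"EventID": 7, "Image": "C:\\ProgramData\\Updater\\svc.exe", '
    r'"ImageLoaded": "C:\\ProgramData\\Updater\\version.dll", "Signed": "false", "Signature": ""}',
    # Benign: a vendor app loads its own signed helper DLL from its install directory.
    r'{"EventID": 7, "Image": "C:\\Program Files\\Vendor\\app.exe", '
    r'"ImageLoaded": "C:\\Program Files\\Vendor\\helper.dll", "Signed": "true", "Signature": "Vendor Inc"}',
    # Not an image-load event; the evaluator skips it.
    r'{"EventID": 1, "Image": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "cmd.exe /c whoami"}',
]

# Known legitimate hosts of the PowerShell engine (assumed allowlist; tune per environment).
POWERSHELL_HOSTS = {"powershell.exe", "powershell_ise.exe", "pwsh.exe"}
# Engine assembly names, including the native-image (.ni) variant.
AUTOMATION_DLLS = {"system.management.automation.dll", "system.management.automation.ni.dll"}


def _name(path):
    """Lower-cased file name of a Windows path (ntpath handles backslashes on any OS)."""
    return ntpath.basename(path).lower()


def _dir(path):
    """Lower-cased parent directory of a Windows path."""
    return ntpath.dirname(path).lower()


def inproc_powershell(ev):
    """Rule 1: a process that is not a known PowerShell host loads the PowerShell engine.

    This is the footprint of a .NET implant running scripts in-process via the
    automation library instead of spawning powershell.exe.
    """
    return _name(ev["ImageLoaded"]) in AUTOMATION_DLLS and _name(ev["Image"]) not in POWERSHELL_HOSTS


def sideload_candidate(ev):
    """Rule 2: an unsigned DLL loaded from the same directory as the host executable."""
    dll, exe = ev["ImageLoaded"], ev["Image"]
    return (dll.lower().endswith(".dll")
            and _dir(dll) == _dir(exe)
            and ev.get("Signed", "").lower() == "false")


def evaluate(lines):
    """Apply both rules to JSON log lines; return (rule, process, dll) hits in input order."""
    hits = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("EventID") != 7:
            continue  # only image-load events carry the fields these rules need
        if inproc_powershell(ev):
            hits.append(("inproc_powershell", _name(ev["Image"]), _name(ev["ImageLoaded"])))
        if sideload_candidate(ev):
            hits.append(("dll_sideload", _name(ev["Image"]), _name(ev["ImageLoaded"])))
    return hits


if __name__ == "__main__":
    for hit in evaluate(SAMPLE_LOG_LINES):
        print(hit)
```

Both rules need tuning before production use: some management agents legitimately host the PowerShell engine and belong in the allowlist, and some software ships unsigned DLLs next to its executable. Rule 2 also only catches the same-directory layout; a sideloaded DLL dropped into a search-path directory elsewhere needs a different check, such as comparing the loaded path against the directory the legitimate DLL is expected to live in.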
