New ‘Curly COMrades’ APT Using NGEN COM Hijacking in Georgia, Moldova Attacks

A previously undocumented threat actor dubbed Curly COMrades has been observed targeting entities in Georgia and Moldova as part of a cyber espionage campaign designed to facilitate long-term access to target networks.
“They repeatedly tried to extract the NTDS database from domain controllers — the primary repository for user password hashes and authentication data in a Windows network,”
