Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Government of Georgia

Government of Georgia Vendor Cyber Rating & Cyber Score

president.gov.ge


GG A.I CyberSecurity Scoring

GG
Company Information
Website:http://www.president.gov.ge
Employees number:48
Number of followers:0
NAICS:541821
Industry Type:Government Relations Services
Homepage:president.gov.ge
GG Risk Score (AI oriented)
Between 800 and 849
logo
GGGovernment Relations Services
Updated:
09/04/2026
806/1000
Good
A
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
GG Global Score (TPRM)
xxxx
logo
GGGovernment Relations Services
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

GG
GGGood
Current Score
806A (GOOD)
01000
1 incidents
-10 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
807Before Incident
JUNE 2026
807Before Incident
MAY 2026
806Before Incident
APRIL 2026
806Before Incident
MARCH 2026
806Before Incident
FEBRUARY 2026
806Before Incident
JANUARY 2026
805Before Incident
DECEMBER 2025
805Before Incident
NOVEMBER 2025
805Before Incident
OCTOBER 2025
804Before Incident
SEPTEMBER 2025
804Before Incident
AUGUST 2025
813Before Incident
Cyber Attack
12 Aug 2025GG
Government and judicial bodies in Georgia: Curly COMrades cyberspies hit govt orgs with custom malware

New Russian-Linked Cyber-Espionage Group 'Curly COMrades' Targets Government and Energy Sectors

803After Incident
CRITICAL-10
GOV1775759952
New Russian-Linked Cyber-Espionage Group "Curly COMrades" Targets Government and Energy Sectors A newly identified cyber-espionage threat group, tracked as Curly COMrades, has been conducting operations aligned with Russian geopolitical interests since mid-2024. The group has targeted government and judicial bodies in Georgia and energy firms in Moldova, deploying a sophisticated custom backdoor malware called MucorAgent. ### Attack Chain and Tactics Curly COMrades employs a three-stage .NET-based malware designed for stealth and persistence. The attack begins with an undetermined initial access vector, followed by the deployment of proxy agents like the Go-based Resocks, which is retrieved via curl.exe and registered as scheduled tasks or Windows services for persistence. Communication with the command-and-control (C2) server occurs over TCP ports 443 or 8443. For redundancy, the group uses custom SOCKS5 servers, SSH with Stunnel for remote port forwarding, and a tool called CurlCat, which obfuscates traffic by relaying it through compromised legitimate websites using libcurl and a custom Base64 alphabet. ### Unconventional Persistence Mechanisms Bitdefender researchers observed an unpredictable persistence method involving the hijacking of Component Object Model (COM) objects to target NGEN (Native Image Generator), a Windows .NET Framework component. The malware leverages a disabled scheduled task that executes at random intervals, such as during system idle times or application deployments. The group also deployed legitimate remote monitoring tools, including Remote Utilities (RuRat) and RMM software, to maintain interactive control over compromised systems. ### MucorAgent Backdoor Capabilities The MucorAgent backdoor consists of three components: 1. COM hijacking to load a second .NET stage. 2. AMSI bypass to evade Windows’ Antimalware Scan Interface. 3. Encrypted payload execution, where the malware searches for index.png and icon.png files actually encrypted data blobs downloaded from compromised websites. The threat actor conducted credential theft, including attempts to dump the NTDS database from domain controllers and extract LSASS memory for active credentials. They also used living-off-the-land (LOLBin) commands (e.g., netstat, tasklist, systeminfo, wmic, ipconfig) and PowerShell Active Directory enumeration to move laterally and exfiltrate data. ### Detection and Attribution Despite efforts to blend malicious activity with legitimate traffic, Curly COMrades’ operations generated enough detectable noise to be flagged by modern EDR/XDR solutions. While no direct links to known Russian APT groups have been confirmed, the targeting of Georgian and Moldovan entities aligns with Russian strategic interests. The group’s heavy reliance on curl.exe for exfiltration and COM hijacking led researchers to name them Curly COMrades.
INCIDENT DETAILS -
TYPE
Cyber-Espionage
MOTIVATION
Geopolitical interests (aligned with Russian strategic objectives)
IMPACT
Data Compromised: Credentials (NTDS database, LSASS memory), sensitive government and energy sector dataSystems Affected: Government/judicial bodies (Georgia), energy firms (Moldova)Operational Impact: Lateral movement, data exfiltration, potential disruption of critical servicesIdentity Theft Risk: High (personally identifiable information and credentials compromised)
DATA BREACH
CredentialsSensitive government/energy sector dataSensitivity Of Data: High (NTDS database, LSASS memory, Active Directory enumeration)Data Exfiltration: Yes (via curl.exe, CurlCat, and encrypted payloads)Data Encryption: Yes (payloads encrypted as PNG files)PNG (encrypted data blobs)Active Directory dataPersonally Identifiable Information: Likely (credentials, NTDS database)

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for GG ?
?
What was GG's A.I Rankiteo Cyber Score in June 2026 ?
?
What was GG's A.I Rankiteo Cyber Score in May 2026 ?
?
What was GG's A.I Rankiteo Cyber Score in April 2026 ?
?
What was GG's A.I Rankiteo Cyber Score in March 2026 ?
?
What was GG's A.I Rankiteo Cyber Score in February 2026 ?
?
What was GG's A.I Rankiteo Cyber Score in January 2026 ?
?
What was GG's A.I Rankiteo Cyber Score in December 2025 ?
?
What was GG's A.I Rankiteo Cyber Score in November 2025 ?
?
What was GG's A.I Rankiteo Cyber Score in October 2025 ?
?
What was GG's A.I Rankiteo Cyber Score in September 2025 ?
?
What was GG's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on GG's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with GG ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view GG's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?