Summary: A security vulnerability in the 7-Zip archiver tool (CVE-2025-0411) has been exploited to deliver SmokeLoader malware, primarily targeting organizations in Ukraine amidst the ongoing Russo-Ukrainian conflict. The flaw allows attackers to bypass security features and execute malicious code by manipulating file extensions. At least nine governmental and non-governmental entities have been impacted by this sophisticated phishing campaign.
Affected: 7-Zip, Ukrainian government and non-government organizations
Key points:
- Vulnerability CVE-2025-0411 has a CVSS score of 7.0 and allows remote code execution.
- Exploitation involves double archiving techniques that bypass Microsoft’s mark-of-the-web protections.
- Phishing emails leveraged compromised accounts to target organizations with disguised malware.
- Smaller local government bodies were notably affected, often lacking robust cyber defenses.
- Users are urged to update 7-Zip and enhance email filtering to combat such threats.
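The double-archiving pattern above (an archive whose member is itself an archive, often with a misleading extension) can be flagged at the mail gateway before anything is extracted. The following is an added example, not code from the article or from 7-Zip: it inspects members of a zip by their leading bytes rather than by name, and the sample archive it builds is constructed inline.

```python
import io
import zipfile

# Leading bytes of common archive containers.
ARCHIVE_MAGIC = {
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"Rar!\x1a\x07": "rar",
}


def archive_type(head: bytes):
    """Return the container type implied by the first bytes, or None."""
    for magic, kind in ARCHIVE_MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def find_nested_archives(data: bytes):
    """Return (member name, type) for each member of a zip that is itself an archive.

    The decision is based on content, not on the member's extension, because the
    campaign relied on manipulated extensions to disguise the inner archive."""
    found = []
    with zipfile.ZipFile(io.BytesIO(data)) as outer:
        for info in outer.infolist():
            if info.is_dir():
                continue
            with outer.open(info) as member:
                head = member.read(8)  # only the signature is needed
            kind = archive_type(head)
            if kind:
                found.append((info.filename, kind))
    return found


def build_sample() -> bytes:
    """Constructed sample: outer zip with a harmless text file plus an inner zip
    whose name claims it is a PDF."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("notes.txt", b"constructed inner member")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"constructed benign member")
        z.writestr("report.pdf", inner.getvalue())  # extension lies about the content
    return outer.getvalue()


if __name__ == "__main__":
    for name, kind in find_nested_archives(build_sample()):
        print(f"nested {kind} archive disguised as: {name}")
```

A hit does not prove malice, but a nested archive arriving by email is a strong quarantine signal, and after extraction the resulting files should still be checked for the Zone.Identifier stream that the patched 7-Zip propagates.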
Source: https://thehackernews.com/2025/02/russian-cybercrime-groups-exploiting-7.html