A Turkish-affiliated threat actor has exploited a zero-day vulnerability in Output Messenger to target entities linked to the Kurdish military in Iraq. This sophisticated attack involves credential compromise and backdoor deployment, indicating increased operational complexity.
Affected: Kurdish military in Iraq
Key points
- The threat actor, known as Marbled Dust, Sea Turtle, and UNC1326, is focused on espionage activities primarily targeting Europe and the Middle East.
- They have exploited CVE-2025-27920, a directory traversal flaw in Output Messenger, to gain unauthorized access and execute arbitrary code.
- Despite the vulnerability being patched in December 2024, attackers continued exploiting it using compromised credentials obtained through DNS hijacking or typo-squatting.
- Successful exploitation allows attackers to deploy backdoors, access sensitive files, and execute remote commands on targeted systems.
- The targets are mainly associated with the Kurdish military operating in Iraq, highlighting escalation in operational objectives.
- The threat actor has demonstrated increased sophistication by exploiting a zero-day, signaling a shift in their capabilities and ambitions.
- Users are advised to update Output Messenger to version 2.0.63 or later to mitigate risks associated with the vulnerability.
Read More: https://www.securityweek.com/output-messenger-zero-day-exploited-by-turkish-hackers-for-iraq-spying/