An APT group called Stealth Falcon has exploited a zero-day remote code execution (RCE) vulnerability in Windows WebDAV (CVE-2025-33053) to conduct cyberespionage against defense and government organizations in the Middle East. Microsoft has issued a patch for the flaw, which is triggered through manipulated WebDAV paths and let the group run code on targets while keeping a low profile. #StealthFalcon #CVE202533053
Key points
- Stealth Falcon has targeted Middle East organizations through a zero-day WebDAV vulnerability.
- The exploit uses malicious .url shortcut files that trick Windows into executing code fetched from an attacker-controlled WebDAV server.
- The vulnerability is used to run a loader called "Horus Loader" and a C2 implant, "Horus Agent".
- The attack chain starts with phishing emails carrying deceptive .url shortcuts disguised as PDFs.
- Microsoft has released a security update for CVE-2025-33053; organizations should apply it and monitor WebDAV traffic for anomalous activity.
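The two defensive points above (the .url lure and the advice to watch WebDAV activity) suggest a simple triage check a responder might want: parse Internet Shortcut (.url) files and flag any whose fields point at a remote UNC or WebDAV location. The script below is an added example written for this page, not code from the article, Microsoft, or the researchers who reported the campaign. It assumes the standard INI layout of .url files ([InternetShortcut] section with URL, WorkingDirectory and IconFile keys) and the documented Windows WebDAV mini-redirector path forms (host@SSL, host@port, DavWWWRoot); the specific indicators it scores and the sample shortcuts are the editor's constructions (203.0.113.10 is a documentation-only address) and do not describe the actual lure used in this campaign.

```python
"""Flag .url shortcuts whose fields point at remote UNC / WebDAV locations.

Added example, not from the original article. The indicators below are the
editor's heuristics, not a vendor detection rule; tune them to your estate.
"""
import re
from dataclasses import dataclass, field
from pathlib import Path
from typing import Dict, List

# [InternetShortcut] keys that can name a location Windows will reach out to.
REMOTE_FIELDS = ("url", "workingdirectory", "iconfile")

# \\host\share... with the host captured; Windows WebDAV shares use this form.
UNC_RE = re.compile(r"^\\\\(?P<host>[^\\]+)\\", re.IGNORECASE)
# Documented WebClient (mini-redirector) conventions: host@SSL, host@port, DavWWWRoot.
WEBDAV_RE = re.compile(r"(@SSL\b|@\d{2,5}\\|\\DavWWWRoot\\)", re.IGNORECASE)
DRIVE_RE = re.compile(r"^[A-Za-z]:")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


@dataclass
class UrlFinding:
    suspicious: bool
    reasons: List[str] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)


def parse_url_file(text: str) -> Dict[str, str]:
    """Minimal INI parser for the .url format; returns lower-cased keys of
    the [InternetShortcut] section. Hand-rolled so odd or duplicate lines
    found in real lures do not raise like configparser would."""
    fields: Dict[str, str] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "internetshortcut" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        fields[key.strip().lower()] = value.strip()
    return fields


def _as_unc(value: str) -> str:
    """Normalise file:// URLs to a UNC-style string so one regex covers both."""
    if value.lower().startswith("file:"):
        rest = value[5:].lstrip("/")
        if DRIVE_RE.match(rest):          # file:///C:/... is a local path
            return rest
        return "\\\\" + rest.replace("/", "\\")
    return value


def analyze_url_file(text: str) -> UrlFinding:
    """Score one .url file: remote UNC host or WebDAV syntax in any field."""
    fields = parse_url_file(text)
    finding = UrlFinding(suspicious=False, fields=fields)
    for name in REMOTE_FIELDS:
        value = fields.get(name)
        if not value:
            continue
        candidate = _as_unc(value)
        m = UNC_RE.match(candidate)
        if not m:
            continue
        host = m.group("host").split("@")[0].lower()
        if host not in LOCAL_HOSTS:
            finding.suspicious = True
            finding.reasons.append(f"{name} points at remote UNC host {host}")
        if WEBDAV_RE.search(candidate):
            finding.suspicious = True
            finding.reasons.append(f"{name} uses WebDAV redirector syntax")
    return finding


def scan_directory(root: str) -> Dict[str, UrlFinding]:
    """Analyse every *.url under root (e.g. Downloads or Outlook temp dirs)."""
    results = {}
    for p in Path(root).rglob("*.url"):
        results[str(p)] = analyze_url_file(p.read_text(errors="replace"))
    return results


# Constructed samples, not real artefacts from the campaign.
BENIGN = """[InternetShortcut]
URL=https://example.com/report.pdf
"""

SUSPECT = """[InternetShortcut]
URL=file://203.0.113.10@SSL/DavWWWRoot/docs/
WorkingDirectory=\\\\203.0.113.10@SSL\\DavWWWRoot\\docs
IconFile=C:\\Windows\\System32\\SHELL32.dll
IconIndex=70
"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("suspect", SUSPECT)):
        r = analyze_url_file(sample)
        print(label, r.suspicious, r.reasons)
```

Run it over user Downloads folders and mail-client temp directories after deploying the Microsoft update; a hit is a triage lead, not proof of compromise, since legitimate shortcuts to internal WebDAV shares will also match. Pair it with the WebDAV traffic monitoring the advisory recommends (outbound TCP 80/443 from the WebClient service to hosts you do not recognise) rather than relying on file inspection alone.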