A cyber-espionage group linked to the Turkish government has exploited a zero-day flaw in Output Messenger to surveil Kurdish military activities in Iraq. The attack has targeted organizational chat accounts, potentially leading to data theft and operational disruptions.
Affected: Output Messenger.
Key points
- The threat group, known as Marbled Dust, has been active since April 2024, targeting Kurdish military-related accounts.
- The attack exploited CVE-2025-27920, a zero-day vulnerability that was undisclosed at the time and allows malicious file uploads to the messaging app.
- Microsoft suspects the group used techniques like DNS hijacking or typosquatting to intercept web traffic and capture user credentials.
- The vulnerability could enable hackers to access all user communications, steal data, impersonate users, and disrupt operations.
- Output Messenger’s developer released patches addressing both CVE-2025-27920 and a second bug, CVE-2025-27921, that was not exploited.
- The hacking activities align with other operations tracked as Sea Turtle or UNC1326, often targeting government and technology sectors in Europe and the Middle East.
- The Kurdish militant group PKK announced that it is disbanding and disarming amid the ongoing regional conflicts with Turkey.
Read More: https://therecord.media/microsoft-zero-day-spy-campaign