A new cyber espionage campaign by Russia-aligned APT group Water Gamayun exploits a zero-day Windows vulnerability, CVE-2025-26633, to infiltrate high-value networks. The attack relies on social engineering and exploits trusted Windows processes to deploy malware and steal sensitive information. #WaterGamayun #CVE202526633
Key points
- The campaign exploits a zero-day Windows vulnerability, referred to as MSC EvilTwin, to inject malicious code into system processes.
- Victims are tricked into downloading a disguised RAR archive through a fake site mimicking a legitimate business solution.
- Attackers abuse trusted Windows tools such as the Microsoft Management Console (MMC) to bypass security defenses and escalate their attack.
- The malware payloads include hidden PowerShell scripts and loaders such as ItunesC.exe, aimed at maintaining persistent access.
- Water Gamayun focuses on strategic intelligence and credential theft, employing sophisticated obfuscation to evade detection.