Turkish Cyber Espionage Alert: Marbled Dust Exploits Unpatched Chat App Vulnerability
Marbled Dust, a cyber threat actor linked to Turkish interests, is exploiting unpatched vulnerabilities in Output Messenger. Known as CVE-2025-27920, this flaw allows attackers to access sensitive files. Despite a patch being available, the threat persists against Kurdish military targets. Remember, folks: patching is crucial—it’s like flossing but for your software!
Hot Take:
Who knew that 2024 would be the year of chat app vulnerabilities and Turkish delight? Marbled Dust is out here making more noise than a Turkish bazaar, exploiting vulnerabilities like it’s Black Friday! If you haven’t patched your Output Messenger yet, it’s time to stop living on the edge and take the plunge into the serene world of security updates. Remember, unpatched software is like leaving your front door wide open with a “Welcome, Hackers!” sign. Cheers to Marbled Dust for making Turkish cyber-espionage the plot twist of the year!
Key Points:
- Microsoft Threat Intelligence reports on a campaign by Marbled Dust, linked to Turkish interests, exploiting a vulnerability in Output Messenger.
- The vulnerability, CVE-2025-27920, allows attackers to perform directory traversal attacks, affecting all Output Messenger versions before 2.0.63.
- Marbled Dust targets the Kurdish military in Iraq and has been active since April 2024, exploiting unpatched instances even after the release of fixes.
- Exploitation involves dropping malicious files and using a Golang backdoor for data exfiltration.
- Despite a second vulnerability being identified, there is no evidence of its exploitation by Marbled Dust.