Turkish Espionage Escapades: Marbled Dust’s Zero-Day Dance with Kurdish Data
Turkish spies, using a zero-day bug in Output Messenger, have been snooping on the Kurdish army in Iraq, Microsoft reveals. The espionage group, Marbled Dust, exploited CVE-2025-27920 to steal sensitive data. Srimax, the app’s developer, has since patched the flaw, but not all users have updated their software.
Hot Take:
Who knew Turkey would be the latest IT support nightmare for the Kurdish army? While Srimax was busy baking a patch pie in December, nobody told Marbled Dust that this isn’t a free-for-all buffet. It’s like they found the secret ingredient to a zero-day bug soufflé and just couldn’t resist, despite Microsoft’s best attempts to spoil their appetite. Maybe it’s time we start sending fruit baskets as peace offerings to these cyber snoops—filled with rotten apples, of course.
Key Points:
– Turkish spies, tracked as “Marbled Dust”, exploited a zero-day bug in the Output Messenger app to gather data on the Kurdish army.
– The cyber-espionage began in April 2024, exploiting a directory traversal vulnerability known as CVE-2025-27920.
– Srimax, the app developer, issued a patch in December, but not all users applied it.
– Marbled Dust also resorts to DNS hijacking, compromising credentials to gain unauthorized access.
– Microsoft stresses the importance of updating to Output Messenger version V2.0.63 to avoid exploitation.