Turkish Hackers Gobble Up Zero-Day Exploit: Marbled Dust Strikes Again!
Marbled Dust, a Turkey-affiliated threat actor, is exploiting a zero-day vulnerability in Output Messenger against Kurdish military entities. Despite the flaw being patched, Marbled Dust remains persistent, deploying backdoors and executing arbitrary commands. Microsoft notes this reflects an increase in the group's technical sophistication, and that its targeting priorities are likely escalating.

Hot Take:
Seems like Marbled Dust is taking the “Turkey Trot” to a whole new level by pirouetting through vulnerabilities faster than you can say “zero-day.” Who knew cyber espionage could be their new Thanksgiving hobby?

Key Points:
– Marbled Dust is exploiting a zero-day vulnerability in Output Messenger against the Kurdish military in Iraq.
– The group’s espionage targets are primarily in Europe and the Middle East, focusing on government and IT sectors.
– The exploited vulnerability, CVE-2025-27920, involves directory traversal, allowing unauthorized access to sensitive files.
– Marbled Dust uses compromised credentials, often obtained via DNS hijacking, to deploy backdoors and execute commands.
– A patch for the vulnerability was released in December 2024; another related flaw is still not being actively exploited.