Zero-Day Mayday: Marbled Dust Hacks Kurdish Military via Output Messenger Flaw!
A Türkiye-linked APT group exploited an Output Messenger zero-day, targeting Kurdish military in Iraq since April 2024. Known as Marbled Dust, this group used CVE-2025-27920 to collect data and deploy malware, marking a shift in their technical abilities. Microsoft researchers observed data theft and user impersonation risks as the group infiltrated systems.

Hot Take:
Well, it seems Marbled Dust is doing more than just gathering pebbles. This Türkiye-linked group has decided to take a stroll down the zero-day vulnerability lane, targeting Kurdish military users in Iraq. Clearly, they believe the early bird gets the worm (or the zero-day exploit), and they’re not wrong. It’s a classic case of ‘your app is my playground,’ and Marbled Dust is swinging from the monkey bars with glee. Who knew Output Messenger could output such chaos?

Key Points:
– Marbled Dust exploited a zero-day flaw, CVE-2025-27920, in Output Messenger.
– The group has targeted Kurdish military-linked users in Iraq since April 2024.
– The vulnerability allows directory traversal, leading to unauthorized data access.
– Attackers used DNS hijacking or typo-squatting to steal credentials.
– The attack marks a shift in Marbled Dust’s technical sophistication and urgency.