Summary: Russian cyber threat groups exploited a zero-day vulnerability in the 7-Zip archiver to conduct cyberespionage against Ukrainian government entities. The vulnerability, tracked as CVE-2025-0411, lets an attacker bypass Windows' Mark-of-the-Web (MotW) protection, so that a file extracted from a malicious archive runs without the SmartScreen warning that normally accompanies Internet-sourced content. The targets include Ukrainian government and local bodies, which suggests the attackers deliberately went after less-protected organizations as a foothold for broader access.
Affected: Ukrainian government entities and organizations
Keypoints:
- CVE-2025-0411 (CVSS score 7.0) was discovered in September 2024 and was already being exploited in a campaign against Ukraine at that time.
- The flaw is a bypass of the Mark-of-the-Web protection mechanism in 7-Zip: files extracted from a crafted archive do not inherit the Zone.Identifier marking that Windows uses to warn before running Internet-sourced content, so a malicious file extracted by a vulnerable 7-Zip executes without warning. Updating to a fixed 7-Zip release is the remediation.
- The attackers sent the archives from compromised email accounts and used a homoglyph attack (look-alike Unicode characters in the file name, for example Cyrillic letters that render like Latin ones) so that an executable appeared to be a harmless document, tricking users into opening it.
- Targeted organizations include government bodies, local utilities, and other entities believed to have lower cybersecurity capabilities.
- Trend Micro warns that the list of affected organizations may not be comprehensive, suggesting a wider impact.
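The two points above that a defender can actually check (whether extracted files carry MotW, and whether archive member names use look-alike characters or a double extension) are shown below in an added example. This is illustrative code written for this page, not Trend Micro's tooling or 7-Zip's code; the sample archive is constructed inline, and the file name "Report.dос.exe" (with Cyrillic о and с) is a made-up lure, not one from the campaign. The MotW check reads the Zone.Identifier alternate data stream, which only exists on Windows NTFS; on other platforms it reports that it cannot check.

```python
"""Archive triage helpers (added example; assumptions noted in comments)."""
import io
import os
import sys
import unicodedata
import zipfile
from typing import Dict, List, Optional, Set

# Extensions that Windows will execute or hand to a script host when double-clicked.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".vbs", ".hta", ".lnk", ".msi"}
ARCHIVE_EXTS = (".zip", ".7z", ".rar")


def scripts_in(name: str) -> Set[str]:
    """Return the Unicode scripts (first word of the character name) of the letters in name."""
    scripts = set()
    for ch in name:
        if ch.isalpha():
            uname = unicodedata.name(ch, "")  # e.g. 'CYRILLIC SMALL LETTER ES'
            scripts.add(uname.split(" ")[0] if uname else "UNKNOWN")
    return scripts


def suspicious_name(member: str) -> List[str]:
    """Return reasons an archive member name looks like a lure; an empty list means clean."""
    reasons = []
    base = member.rsplit("/", 1)[-1]
    scripts = scripts_in(base)
    if "LATIN" in scripts and len(scripts) > 1:      # homoglyph: Latin mixed with look-alikes
        reasons.append(f"mixed scripts {sorted(scripts)}")
    root, ext = os.path.splitext(base)
    if ext.lower() in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {ext}")
        _, inner = os.path.splitext(root)              # 'Report.doc.exe' style double extension
        if inner:
            reasons.append(f"double extension {inner}{ext}")
    return reasons


def triage_archive(data: bytes, depth: int = 0) -> Dict[str, List[str]]:
    """Map each suspicious member path to its reasons, recursing into nested zips."""
    findings: Dict[str, List[str]] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for info in z.infolist():
            name = info.filename
            reasons = suspicious_name(name)
            if name.lower().endswith(ARCHIVE_EXTS):
                reasons.append("nested archive (MotW may not propagate on a vulnerable 7-Zip)")
                if name.lower().endswith(".zip") and depth < 2:
                    for sub, sub_reasons in triage_archive(z.read(info), depth + 1).items():
                        findings[f"{name}!{sub}"] = sub_reasons
            if reasons:
                findings[name] = reasons
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample: outer zip -> nested zip -> homoglyph-named executable plus a benign file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Report.d\u043e\u0441.exe", b"MZ not a real executable")  # Cyrillic o and es
        z.writestr("readme.txt", b"benign")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Report.zip", inner.getvalue())
    return outer.getvalue()


def parse_zone_identifier(stream: str) -> Optional[int]:
    """Parse the INI-style text of a Zone.Identifier stream and return ZoneId (3 = Internet)."""
    section = None
    for line in stream.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "zonetransfer" and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "zoneid":
                return int(value.strip()) if value.strip().isdigit() else None
    return None


def has_mark_of_the_web(path: str) -> Optional[bool]:
    """On Windows, True if path carries an Internet-zone MotW; None when the ADS cannot be read here."""
    if sys.platform != "win32":
        return None
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read()) == 3
    except OSError:   # no Zone.Identifier stream: SmartScreen will not warn for this file
        return False


if __name__ == "__main__":
    for member, why in triage_archive(build_sample_archive()).items():
        print(member, "->", "; ".join(why))
```

Run it against a real archive by passing the file's bytes to triage_archive; after extraction on a Windows host, call has_mark_of_the_web on each extracted file to confirm the Zone.Identifier stream was propagated (a False result on a file that came from a nested archive is the symptom the advisory describes).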
Source: https://www.securityweek.com/russian-hackers-exploited-7-zip-zero-day-against-ukraine/