A zero-day vulnerability in 7-Zip (CVE-2025-0411) was exploited by Russian cybercrime groups to target Ukrainian organizations. The vulnerability allows bypassing Windows Mark-of-the-Web protections through double archiving, enabling execution of malicious content. The campaign involved spear-phishing emails with homoglyph attacks to trick users into executing malicious files. The exploit was likely part of a cyberespionage effort in the ongoing Russo-Ukraine conflict. Affected organizations include government entities and businesses. Recommendations include updating 7-Zip, implementing email security measures, and training employees on phishing and homoglyph attacks.
Author: AlienVault
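The two observable traits of the campaign described above are an archive nested inside another archive (the "double archiving" that drops Mark-of-the-Web) and attachment names that mix scripts to look like a benign filename. The script below is an added example, not code from AlienVault or from 7-Zip, showing how a mail-gateway or triage job could flag both traits before a user ever opens the file. It assumes the outer container is a ZIP (the hypothetical `scan_archive` function only recurses into ZIPs; 7z and RAR members are reported as nested archives but not unpacked), uses the Unicode character name's first word as an approximation of its script, and builds its own constructed sample attachment in memory so it runs offline.

```python
import io
import os
import unicodedata
import zipfile

# Magic bytes of common container formats (well-known signatures, not page-specific).
ARCHIVE_MAGIC = {
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"Rar!\x1a\x07": "rar",
    b"\x1f\x8b": "gzip",
}
# Extensions treated as archives even if the magic check is inconclusive (constructed list).
ARCHIVE_EXTS = {".zip", ".7z", ".rar", ".gz", ".tar", ".cab", ".iso"}


def detect_magic(head: bytes):
    """Return the archive type named by the leading bytes, or None."""
    for magic, kind in ARCHIVE_MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def mixed_scripts(name: str):
    """Approximate the set of scripts used by letters in a filename.

    unicodedata.name('a') is 'LATIN SMALL LETTER A' and the Cyrillic
    look-alike U+0430 is 'CYRILLIC SMALL LETTER A'; the first word of the
    name is a good-enough script label for a homoglyph check.
    """
    scripts = set()
    for ch in name:
        if not ch.isalpha():
            continue
        try:
            scripts.add(unicodedata.name(ch).split()[0])
        except ValueError:  # unnamed code point; ignore
            continue
    return scripts


def scan_archive(data: bytes, depth: int = 0, max_depth: int = 3):
    """Flag nested archives and mixed-script member names inside a ZIP.

    Recursion is bounded by max_depth so a deliberately deep archive cannot
    turn the scanner itself into a resource-exhaustion target.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            scripts = mixed_scripts(name)
            if len(scripts) > 1:
                findings.append({"path": name, "depth": depth,
                                 "issue": "mixed-script filename",
                                 "detail": sorted(scripts)})
            with zf.open(info) as fh:
                head = fh.read(8)
            kind = detect_magic(head)
            ext = os.path.splitext(name)[1].lower()
            if kind or ext in ARCHIVE_EXTS:
                findings.append({"path": name, "depth": depth,
                                 "issue": "nested archive",
                                 "detail": kind or ext})
                # Only ZIP members are unpacked here; other formats are reported only.
                if kind == "zip" and depth + 1 < max_depth:
                    findings.extend(scan_archive(zf.read(info), depth + 1, max_depth))
    return findings


def build_sample() -> bytes:
    """Constructed sample: a ZIP containing a ZIP whose member name uses a Cyrillic 'о'."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("d\u043ecument.pdf", b"%PDF-1.4 constructed sample")  # U+043E, not Latin 'o'
        z.writestr("readme.txt", b"plain text member")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("attachment.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for f in scan_archive(build_sample()):
        print(f"depth={f['depth']} {f['issue']}: {f['path']} ({f['detail']})")
```

A gateway that quarantines on either finding catches the double-archived attachment regardless of whether the endpoint's 7-Zip has been updated, which is why the check belongs at the mail boundary as well as on the host.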
Related Tags:
cve-2025-0411
homoglyph attacks
7-zip
T1036.002
T1059.007
T1553.005
T1566.002
T1566.001
spear-phishing
Associated Indicators: