Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

7-Zip Flaw Exploited to Deliver SmokeLoader

February 5, 2025
Reading Time: 2 mins read
in Alerts
Malicious Go Package Grants Remote Access

A security vulnerability in the 7-Zip archiver tool, identified as CVE-2025-0411, was actively exploited to deliver SmokeLoader malware. The flaw allowed attackers to bypass Windows’ Mark-of-the-Web (MotW) protections, enabling the execution of malicious code without security warnings. The vulnerability was patched in November 2024 with version 24.09 of 7-Zip, but before that, Russian cybercriminal groups had already weaponized it in phishing campaigns. They leveraged homoglyph attacks to disguise malicious ZIP files as Microsoft Word documents, deceiving users and the Windows operating system into executing them.

This attack method involved double archiving, where a malicious payload was concealed within nested ZIP files to evade detection. Since earlier versions of 7-Zip failed to propagate MotW protections to encapsulated files, Windows’ security mechanisms did not recognize the threat. Once the deceptive ZIP file was opened, it executed an internet shortcut (.URL) file, directing victims to an attacker-controlled server.

This server then delivered another ZIP file containing the SmokeLoader malware, which was disguised as a PDF document to further trick the target.

The phishing emails used in these attacks were sent from compromised email accounts linked to Ukrainian government bodies and businesses, making them appear legitimate. These messages were primarily directed at local government agencies, municipal organizations, and businesses, indicating that attackers had prior access to compromised credentials. Once the malware was installed, it provided attackers with unauthorized access to infected systems, enabling further espionage and cyber operations. Given the geopolitical context, researchers suspect this campaign was part of a larger cyberwarfare effort targeting Ukraine amid ongoing tensions.

At least nine Ukrainian government entities, including the Ministry of Justice, Kyiv Public Transportation Service, and Kyiv Water Supply Company, were affected by this campaign. Security experts recommend updating 7-Zip to the latest version, implementing stronger email filtering mechanisms, and disabling the execution of files from untrusted sources to mitigate such attacks. The incident highlights how smaller government organizations, often lacking advanced cybersecurity defenses, can be targeted as entry points for broader attacks against larger institutions.

Reference:
  • 7-Zip Security Flaw Exploited to Deliver SmokeLoader Malware in Targeted Attacks
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityFebruary 2025
ADVERTISEMENT

Related Posts

Russian APT28 Deploys Outlook Backdoor

SAP S4hana Exploited Vulnerability

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Virustotal Finds Undetected SVG Files

September 5, 2025
Russian APT28 Deploys Outlook Backdoor

Russian APT28 Deploys Outlook Backdoor

September 5, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Lazarus Hackers Exploit ZeroDay, Deploy Rats

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

CISA Flags TP Link Router Flaws

September 4, 2025
Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

September 4, 2025

Latest Alerts

SAP S4hana Exploited Vulnerability

Virustotal Finds Undetected SVG Files

Russian APT28 Deploys Outlook Backdoor

CISA Flags TP Link Router Flaws

Lazarus Hackers Exploit ZeroDay, Deploy Rats

Google Patches 120 Flaws In Android

Subscribe to our newsletter

    Latest Incidents

    North Korean Hackers Fake Interviews

    Bridgestone Confirms Cyberattack

    Cybersecurity Firms Hit By Breach

    Salesloft Drift Attacks Hits Vendors

    Jaguar Land Rover Hit By Cyber Incident

    Hackers Use Grok Ai To Spread Malware

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial