Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Hackers Exploit Output Messenger Zero-Day

May 13, 2025
Reading Time: 2 mins read
in Alerts
Apple Fixes Critical Bugs in iOS and MacOS

Marbled Dust (formerly Silicon), a Türkiye-linked hacking group which is also known as Cosmic Wolf, Sea Turtle, Teal Kurma, and UNC1326, exploited a zero-day vulnerability in Output Messenger since April 2024. This Indian-made communication platform was targeted to infiltrate devices linked to the Kurdish military forces operating inside Iraq. The group used a directory traversal flaw, CVE-2025-27920, to execute malicious code and extract sensitive information from infected systems. Microsoft confirmed reconnaissance likely occurred beforehand to ensure targets were using the vulnerable version of Output Messenger.

The attackers gained access to the Output Messenger Server Manager by using stolen credentials captured through typosquatting or DNS hijacking.

Once inside, they exploited the flaw to place malicious files like “OM.vbs” into the system’s startup folders for persistence. These files launched a Golang-based backdoor named “OMServerService.exe,” which communicated with a hardcoded domain to exfiltrate user data. Meanwhile, on the client side, another backdoor named “OMClientService.exe” contacted a command-and-control server for further instructions.

The malware’s functions included connectivity checks and hostname reporting before downloading and executing new commands using Windows command-line tools.

This backdoor method allowed attackers to maintain access, impersonate users, and potentially disrupt operations or access sensitive communications. The activity represents a significant leap in technical sophistication for Marbled Dust, suggesting increasing urgency in its operations. Microsoft detected victim devices in Iraq connecting to IPs linked to previous Marbled Dust cyber espionage efforts.

A second vulnerability, CVE-2025-27921, involved reflected XSS in the same software version but has not been exploited yet. Output Messenger’s developer Srimax released patches to fix both flaws after being alerted by Microsoft in late 2024. Still, the lack of public disclosure about active exploitation raised concern about patch awareness among users of Output Messenger.
Microsoft warned that such flaws allow attackers wide-ranging control over internal communications and can disrupt secure operations if unpatched.

Reference:

  • Türkiye Hackers Use Output Messenger Zero-Day to Install Golang Backdoors
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityMay 2025
ADVERTISEMENT

Related Posts

Stealth Malware Targets Fortinet Firewalls

Spyware in App Stores Steals Your Photos

June 23, 2025
Stealth Malware Targets Fortinet Firewalls

Prometei Botnet Attacks Servers for Crypto

June 23, 2025
Stealth Malware Targets Fortinet Firewalls

Stealth Malware Targets Fortinet Firewalls

June 23, 2025
New Godfather Trojan Hijacks Banking Apps

Winos 4.0 Malware Hits Taiwan Via Tax Phish

June 20, 2025
New Godfather Trojan Hijacks Banking Apps

New Godfather Trojan Hijacks Banking Apps

June 20, 2025
New Godfather Trojan Hijacks Banking Apps

New Amatera Stealer Delivered By ClearFake

June 20, 2025

Latest Alerts

Spyware in App Stores Steals Your Photos

Stealth Malware Targets Fortinet Firewalls

Prometei Botnet Attacks Servers for Crypto

Winos 4.0 Malware Hits Taiwan Via Tax Phish

New Godfather Trojan Hijacks Banking Apps

New Amatera Stealer Delivered By ClearFake

Subscribe to our newsletter

    Latest Incidents

    Aflac Hacked in Spree on Insurance Firms

    CoinMarketCap Doodle Hack Steals Crypto

    UK’s Oxford Council Legacy Systems Breached

    Massive Leak Exposes 16 Billion Credentials

    Chinese Spies Target Satellite Giant Viasat

    German Dealer Leymann Hacked Closes Stores

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial