Menu

  • Alerts
  • Incidents
  • News
  • APTs
  • Cyber Decoded
  • Cyber Hygiene
  • Cyber Review
  • Cyber Tips
  • Definitions
  • Malware
  • Threat Actors
  • Tutorials

Useful Tools

  • Password generator
  • Report an incident
  • Report to authorities
No Result
View All Result
CTF Hack Havoc
CyberMaterial
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
Hall of Hacks
  • Education
    • Cyber Decoded
    • Definitions
  • Information
    • Alerts
    • Incidents
    • News
  • Insights
    • Cyber Hygiene
    • Cyber Review
    • Tips
    • Tutorials
  • Support
    • Contact Us
    • Report an incident
  • About
    • About Us
    • Advertise with us
Get Help
No Result
View All Result
Hall of Hacks
CyberMaterial
No Result
View All Result
Home Alerts

Hackers Exploit Output Messenger Zero-Day

May 13, 2025
Reading Time: 2 mins read
in Alerts
Apple Fixes Critical Bugs in iOS and MacOS

Marbled Dust (formerly Silicon), a Türkiye-linked hacking group which is also known as Cosmic Wolf, Sea Turtle, Teal Kurma, and UNC1326, exploited a zero-day vulnerability in Output Messenger since April 2024. This Indian-made communication platform was targeted to infiltrate devices linked to the Kurdish military forces operating inside Iraq. The group used a directory traversal flaw, CVE-2025-27920, to execute malicious code and extract sensitive information from infected systems. Microsoft confirmed reconnaissance likely occurred beforehand to ensure targets were using the vulnerable version of Output Messenger.

The attackers gained access to the Output Messenger Server Manager by using stolen credentials captured through typosquatting or DNS hijacking.

Once inside, they exploited the flaw to place malicious files like “OM.vbs” into the system’s startup folders for persistence. These files launched a Golang-based backdoor named “OMServerService.exe,” which communicated with a hardcoded domain to exfiltrate user data. Meanwhile, on the client side, another backdoor named “OMClientService.exe” contacted a command-and-control server for further instructions.

The malware’s functions included connectivity checks and hostname reporting before downloading and executing new commands using Windows command-line tools.

This backdoor method allowed attackers to maintain access, impersonate users, and potentially disrupt operations or access sensitive communications. The activity represents a significant leap in technical sophistication for Marbled Dust, suggesting increasing urgency in its operations. Microsoft detected victim devices in Iraq connecting to IPs linked to previous Marbled Dust cyber espionage efforts.

A second vulnerability, CVE-2025-27921, involved reflected XSS in the same software version but has not been exploited yet. Output Messenger’s developer Srimax released patches to fix both flaws after being alerted by Microsoft in late 2024. Still, the lack of public disclosure about active exploitation raised concern about patch awareness among users of Output Messenger.
Microsoft warned that such flaws allow attackers wide-ranging control over internal communications and can disrupt secure operations if unpatched.

Reference:

  • Türkiye Hackers Use Output Messenger Zero-Day to Install Golang Backdoors
Tags: Cyber AlertsCyber Alerts 2025CyberattackCybersecurityMay 2025
ADVERTISEMENT

Related Posts

AMOS Mac Stealer Adds Persistent Backdoor

AMOS Mac Stealer Adds Persistent Backdoor

July 8, 2025
AMOS Mac Stealer Adds Persistent Backdoor

NordDragonScan Malware Steals Windows Data

July 8, 2025
AMOS Mac Stealer Adds Persistent Backdoor

New Ransomware BERT Targets ESXi Systems

July 8, 2025
hpingbot Botnet Uses Pastebin C2 Channel

APT36 Targets Indian Defense Linux Systems

July 7, 2025
hpingbot Botnet Uses Pastebin C2 Channel

Hackers Abuse Driver Signing For Malware

July 7, 2025
hpingbot Botnet Uses Pastebin C2 Channel

hpingbot Botnet Uses Pastebin C2 Channel

July 7, 2025

Latest Alerts

New Ransomware BERT Targets ESXi Systems

NordDragonScan Malware Steals Windows Data

AMOS Mac Stealer Adds Persistent Backdoor

APT36 Targets Indian Defense Linux Systems

hpingbot Botnet Uses Pastebin C2 Channel

Hackers Abuse Driver Signing For Malware

Subscribe to our newsletter

    Latest Incidents

    French Chip Firm Semco Hacked During IPO

    Louis Vuitton Korea Hit By Cyberattack

    Virginia School District Hit By Cyberattack

    Ransomware Attack Causes Outage at Ingram

    Call of Duty Players Hacked on Game Pass

    RansomHub Claims Theft of Coppell City Data

    CyberMaterial Logo
    • About Us
    • Contact Us
    • Jobs
    • Legal and Privacy Policy
    • Site Map

    © 2025 | CyberMaterial | All rights reserved

    Welcome Back!

    Login to your account below

    Forgotten Password?

    Retrieve your password

    Please enter your username or email address to reset your password.

    Log In

    Add New Playlist

    No Result
    View All Result
    • Alerts
    • Incidents
    • News
    • Cyber Decoded
    • Cyber Hygiene
    • Cyber Review
    • Definitions
    • Malware
    • Cyber Tips
    • Tutorials
    • Advanced Persistent Threats
    • Threat Actors
    • Report an incident
    • Password Generator
    • About Us
    • Contact Us
    • Advertise with us

    Copyright © 2025 CyberMaterial