CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks

Feb. 5, 2025, 4:47 p.m.

Description

A zero-day vulnerability in 7-Zip (CVE-2025-0411) was exploited by Russian cybercrime groups to target Ukrainian organizations. The vulnerability allows bypassing Windows Mark-of-the-Web (MotW) protections through double archiving (an archive nested inside another archive), enabling execution of malicious content. The campaign involved spear-phishing emails using homoglyph attacks to trick users into executing malicious files. The exploit was likely part of a cyberespionage effort in the ongoing Russo-Ukrainian conflict. Affected organizations include government entities and businesses. Recommendations include updating 7-Zip, implementing email security measures, and training employees to recognize phishing and homoglyph attacks.

Date

  • Created: Feb. 4, 2025, 4:46 p.m.
  • Published: Feb. 4, 2025, 4:46 p.m.
  • Modified: Feb. 5, 2025, 4:47 p.m.

Attack Patterns

  • SmokeLoader
  • Russian cybercrime groups

Additional Information

  • Energy
  • Transportation
  • Government
  • Ukraine