HomeCII/OTRussian cyber criminals are taking advantage of 7-Zip zero-day vulnerability (CVE-2025-0411)

Russian cyber criminals are taking advantage of 7-Zip zero-day vulnerability (CVE-2025-0411)

Published on

spot_img

Trend Micro researchers recently discovered that a known vulnerability in the popular open-source archiver tool 7-Zip, identified as CVE-2025-0411, has been exploited in zero-day attacks to deliver malware to Ukrainian entities. This vulnerability, which was patched in November 2024, allows threat actors to bypass Windows Mark-of-the-Web (MoTW) protections by double archiving contents using 7-Zip.

Peter Girnus, a researcher with Trend Micro Zero Day Initiative, explained that prior to version 24.09, 7-Zip did not properly propagate MoTW protections to the content of double-encapsulated archives. This loophole enables threat actors to craft archives containing malicious scripts or executables that will not receive MoTW protections, leaving Windows users vulnerable to attacks.

In a recent zero-day attack campaign, threat actors leveraged CVE-2025-0411 to execute arbitrary code in the context of the current user. The attackers targeted employees in Ukrainian municipal organizations and businesses by sending emails with malicious attachments from compromised accounts belonging to Ukrainian governing bodies. By using deceptive tactics, such as employing Cyrillic characters to mimic legitimate files, the attackers were able to trick users into triggering the exploit for CVE-2025-0411, leading to the execution of malicious files.

Trend Micro believes that the campaign was orchestrated by Russian cybercrime groups, with cyberespionage being the likely purpose of the attacks amidst the Russo-Ukrainian conflict.

To mitigate the risks associated with this vulnerability, organizations are advised to update their 7-Zip software to the latest version (24.09), as the tool does not have an auto-update feature. Additionally, employees should be educated on MoTW and phishing awareness, email security measures should be implemented to detect and block spear-phishing attacks, and systems should be configured to prompt users for verification before opening files from untrusted sources. Domain and URL filtering to detect and block homoglyph-based phishing attacks is also recommended by Trend Micro.

Overall, staying updated on software patches, conducting regular security training for employees, and implementing robust email security measures are crucial steps for organizations to protect themselves against such zero-day attacks exploiting known vulnerabilities like CVE-2025-0411 in 7-Zip.

Source link

Latest articles

Microsoft Addresses Multiple Windows RDP Vulnerabilities That Expose Sensitive Data Over the Network

Microsoft has recently taken significant steps to address multiple vulnerabilities related to the Windows...

AI Introduces Human Oversight Tax for Cybersecurity

Security Teams Save Time on Tasks but Spend More Time Checking AI's Work In an...

Patch Tuesday Summary: Microsoft Addresses Record 569 Vulnerabilities; SAP Resolves Critical Memory Corruption Issue

In a recent update, Thomas Fritsch, an esteemed SAP researcher at Onapsis, highlighted critical...

U.S. Sanctions First VPN Service and Malware Cryptor Seller for Ransomware Support

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has taken significant action...

More like this

Microsoft Addresses Multiple Windows RDP Vulnerabilities That Expose Sensitive Data Over the Network

Microsoft has recently taken significant steps to address multiple vulnerabilities related to the Windows...

AI Introduces Human Oversight Tax for Cybersecurity

Security Teams Save Time on Tasks but Spend More Time Checking AI's Work In an...

Patch Tuesday Summary: Microsoft Addresses Record 569 Vulnerabilities; SAP Resolves Critical Memory Corruption Issue

In a recent update, Thomas Fritsch, an esteemed SAP researcher at Onapsis, highlighted critical...