Since April 2024, the threat actor that Microsoft Threat Intelligence tracks as Marbled Dust has been observed exploiting user accounts that have not applied fixes to a zero-day vulnerability (CVE-2025-27920) in the messaging app Output Messenger, a multiplatform chat software.
These exploits have resulted in collection of related user data from targets in Iraq. Microsoft Threat Intelligence assesses with high confidence that the targets of the attack are associated with the Kurdish military operating in Iraq, consistent with previously observed Marbled Dust targeting priorities. Microsoft Threat Intelligence assesses with moderate confidence that Marbled Dust conducts reconnaissance to determine whether their targets are Output Messenger users and chooses this attack vector based on that knowledge. Successful exploitation allows the threat actor to deliver multiple malicious files and exfiltrate data from targets.
Read more…
Source: Microsoft
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Man to plead guilty to hacking US Supreme Court filing system
January 13, 2026
A resident of Springfield, Tennessee, is expected to plead guilty to hacking the U.S. Supreme Court’s electronic document filing system dozens of times over several months. Prosecutors say between August and October 2023, Nicholas Moore, 24, “intentionally accessed a computer without authorization on 25 different days and thereby obtained information from a protected computer,” according to ...
- Analyzing a Multi-Stage AsyncRAT Campaign via Managed Detection and Response
January 12, 2026
AsyncRAT has emerged as a notable Remote Access Trojan (RAT) used by threat actors for its robust capabilities and ease of deployment. It gained favor for its extensive feature set, which includes keylogging, screen capturing, and remote command execution capabilities. Its modular architecture, typically implemented in Python, provides flexibility and ease of customization, making it a ...
- New Zealand: Second health provider, Canopy Health, hit in major cyber attack
January 12, 2026
Patients caught up in the CanopyHealth data breach are furious that it took the company six months to tell them about it. On Monday, it was revealed the leading private provider doing breast cancer diagnosis and treatment took six months to notify some patients or the public of a major cyber attack on its systems. In ...
- Europol: 34 arrests in Spain during action against the ‘Black Axe’ criminal organisation
January 9, 2026
The Spanish National Police (Policía Nacional), in close cooperation with the Bavarian State Criminal Police Office (Bayerisches Landeskriminalamt) and with the support of Europol, has conducted an operation against the international criminal organisation ‘Black Axe’. The action resulted in 34 arrests and significant disruptions to the group’s activities. Black Axe is a highly structured, hierarchical group ...
- ‘ZombieAgent’ zero click vulnerability allows for silent account takeover
January 9, 2026
OpenAI recently introduced a new feature for ChatGPT which, unfortunately, also puts users at risk of data exfiltration and persistent access. In December 2025, a feature called Connectors finally moved out of beta and into general availability. This feature allows ChatGPT to connect to numerous other apps, such as calendars, cloud storage, email accounts, and similar ...
- 10 emergency directives retired as CISA declares them redundant
January 9, 2026
The US Cybersecurity and Infrastructure Security Agency (CISA) retired ten Emergency Directives (ED) it issued between 2019 and 2024, saying they achieved their purpose and are no longer needed. In a short announcement published on its website, CISA said the EDs have either been successfully implemented or are now encompassed through Binding Operational Directive (BOD) 22-01, ...