
CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

A zero-day vulnerability in 7-Zip (CVE-2025-0411) was exploited by Russian cybercrime groups to target Ukrainian organizations. The vulnerability allows bypassing Windows Mark-of-the-Web protections through double archiving, enabling execution of malicious content. The campaign involved spear-phishing emails with homoglyph attacks to trick users into executing malicious files. The exploit was likely part of a cyberespionage effort in the ongoing Russo-Ukraine conflict. Affected organizations include government entities and businesses. Recommendations include updating 7-Zip, implementing email security measures, and training employees on phishing and homoglyph attacks.

OPENCTI LABELS:

spear-phishing, zero-day, cyberespionage, smokeloader, cve-2025-0411, 7-zip, homoglyph attacks, mark-of-the-web bypass

