Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage

SUMMARY :

Check Point Research (CPR) uncovered an active-weaponized Microsoft WebDAV zero‑day (CVE‑2025‑33053) exploited by the Stealth Falcon APT in a targeted campaign against defense and government organizations across the Middle East and Africa. The attack began with a spear-phishing-disguised .url file that hijacks the working-directory-based execution of legitimate Windows tools (LOLBins) to load malicious executables from a WebDAV server.

OPENCTI LABELS :

apt,keylogger,cyberespionage,webdav,mythic,cve-2025-33053,zeroday


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage