Marbled Dust leverages zero-day in Output Messenger for regional espionage
Essential information
- Published: 13/05/2025 02:58
- Modified: 13/05/2025 08:30
- Tags: 2025-05-12, 2025-05-13, CVE-2025-27920, CVE-2025-27921, backdoor, data exfiltration, directory traversal, dns hijacking, espionage, golang, iraq, kurdistan, om.vbs, omclientservice.exe, omserverservice.exe, omserverservice.vbs, output messenger, zero-day
- Related entities: 2 vulnerabilities (cve), 3 observables, 1 intrusion set (apt), 10 techniques (mitre), 4 malware, 3 others
Description
Marbled Dust, a Türkiye-affiliated espionage threat actor, has been exploiting a zero-day vulnerability in Output Messenger since April 2024. The attacks target Kurdish military entities in Iraq and allow the actor to deliver malicious files and exfiltrate data. The exploited flaw is a directory traversal vulnerability in the Output Messenger Server Manager application that lets an authenticated user upload files to the server's startup directory, where they are executed. Marbled Dust's attack chain consists of dropping malicious VBS and EXE files there, running Golang backdoors that exfiltrate data, and abusing the Output Messenger system architecture to reach user communications and other sensitive data.