{
  "name": "CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks",
  "slug": "cve-2025-0411-ukrainian-organizations-targeted-in-zero-day-campaign-and-homoglyph-attacks",
  "description": "A zero-day vulnerability in 7-Zip (CVE-2025-0411) was exploited by Russian cybercrime groups to target Ukrainian organizations. The vulnerability allows bypassing Windows Mark-of-the-Web protections through double archiving, enabling execution of malicious content. The campaign involved spear-phishing emails with homoglyph attacks to trick users into executing malicious files. The exploit was likely part of a cyberespionage effort in the ongoing Russo-Ukrainian conflict. Affected organizations include government entities and businesses. Recommendations include updating 7-Zip, implementing email security measures, and training employees to recognize phishing and homoglyph attacks.",
  "published": "2025-02-04T15:46:09+00:00",
  "created_at": "2025-02-04T15:46:09+00:00",
  "modified_at": "2025-02-05T15:47:26+00:00",
  "created_at_opencti": "2025-02-04T15:46:09+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-02-04",
    "7-zip",
    "CVE-2025-0411",
    "cyberespionage",
    "homoglyph attacks",
    "mark-of-the-web bypass",
    "smokeloader",
    "spear-phishing",
    "zero-day"
  ],
  "related_entities": {
    "malware": [
      {
        "id": "legacy:malware:cc57575058c6dacb",
        "name": "SmokeLoader",
        "slug": "smokeloader"
      }
    ],
    "intrusion_sets": [
      {
        "id": "7f6b2a79-3d52-49d3-bf3d-132ecb1e3608",
        "name": "Russian cybercrime groups",
        "slug": "russian-cybercrime-groups"
      }
    ],
    "attack_patterns": [
      {
        "id": "e8189670-a7bf-47fe-9b43-f3c1add0a2db",
        "name": "T1036.002"
      },
      {
        "id": "f32c7a65-b5a5-46ec-a8c7-d06ca5d27380",
        "name": "T1553.005"
      },
      {
        "id": "52b92395-d3d3-4e05-976a-0fccccfce8d2",
        "name": "T1566.002"
      },
      {
        "id": "9322d33b-00c1-4f99-9f1a-a33d93c0dac2",
        "name": "T1059.007"
      },
      {
        "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6",
        "name": "T1204.002"
      },
      {
        "id": "dc410646-9cdd-427b-92e7-179a54f78f90",
        "name": "T1566.001"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "Ukraine"
      },
      {
        "id": "",
        "name": "Energy"
      },
      {
        "id": "",
        "name": "Transportation"
      },
      {
        "id": "",
        "name": "Government"
      }
    ]
  },
  "external_refs": [
    "https://www.trendmicro.com/en_us/research/25/a/cve-2025-0411-ukrainian-organizations-targeted.html",
    "https://otx.alienvault.com/pulse/67a24451b4727ae85c4dd434"
  ]
}