216.73.216.204

Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage

· Published 11/06/2025 09:26 · Modified 11/06/2025 10:22

Export JSON

Essential information

Published
11/06/2025 09:26
Modified
11/06/2025 10:22
Tags
2025-06-11 CVE-2025-33053 apt cyberespionage keylogger mythic webdav zeroday
Related entities
40 observables, 7 techniques (mitre), 1 malware, 5 others

Description

Check Point Research (CPR) uncovered an active-weaponized Microsoft zero‑day (CVE‑2025‑33053) exploited by the Stealth Falcon in a targeted campaign against defense and government organizations across the Middle East and Africa. The attack began with a spear-phishing-disguised .url file that hijacks the working-directory-based execution of legitimate Windows tools (LOLBins) to load malicious executables from a server.

External references