Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage
Essential information
- Published
- 11/06/2025 09:26
- Modified
- 11/06/2025 10:22
- Tags
- 2025-06-11 CVE-2025-33053 apt cyberespionage keylogger mythic webdav zeroday
- Related entities
- 40 observables, 7 techniques (mitre), 1 malware, 5 others
Description
Check Point Research (CPR) uncovered an active-weaponized Microsoft WebDAV zero‑day (CVE‑2025‑33053) exploited by the Stealth Falcon APT in a targeted campaign against defense and government organizations across the Middle East and Africa. The attack began with a spear-phishing-disguised .url file that hijacks the working-directory-based execution of legitimate Windows tools (LOLBins) to load malicious executables from a WebDAV server.