United Arab Emirates-linked hacking operation Stealth Falcon leveraged a high-severity zero-day flaw in the Web Distributed Authoring and Versioning (WebDAV) tool, tracked as CVE-2025-33053, in an attempted intrusion against a major Turkish defense organization in March, reports The Record, a news site by cybersecurity firm Recorded Future.
Exploitation of the WebDAV vulnerability through a phishing email purporting to be a PDF file concerning military equipment damage has enabled Stealth Falcon, which has primarily targeted the Middle East and Africa, to deploy the custom Horus Agent and Horus Loader tools for covert cyberespionage efforts, according to an analysis from Check Point. Microsoft, which addressed the security issue as part of this month's Patch Tuesday updates, noted that the compromise would succeed only if users clicked on a custom URL sent by threat actors. The bug's use in such an intrusion has prompted its inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog.