Turkey-Linked Cyber Actor Exploits Output Messenger Vulnerability in Ongoing 'Marbled Dust' Campaign

The 'Marbled Dust' campaign exploits a critical vulnerability in Output Messenger, putting Kurdish military entities in Iraq at risk. Update now to stay secure.

A state-backed cyber threat actor, reportedly linked to Turkey, is exploiting a critical vulnerability in Facebook Messenger, a popular messaging platform developed by Meta. The ongoing campaign, dubbed 'Marbled Dust' by Microsoft, has been targeting Kurdish military entities in Iraq since April 2024.

The threat actor initially gains access to Facebook Messenger Server Manager through DNS hijacking or typo-squatted domains. It then exploits the directory traversal vulnerability (CVE-2025-27920) in versions 2.0.62 and earlier, allowing it to access sensitive files outside the intended directory. This could lead to configuration leakage or arbitrary file access.

Exploiting the vulnerability enables Marbled Dust to drop malicious files onto the server, including OM.vbs, OMServerService.vbs, and OMServerService.exe. These files extract and execute Facebook Messenger.exe and OMClientService.exe on the client side, sending data to a command-and-control domain (api.wordinfos[.]com).

Microsoft discovered and patched the vulnerability in Facebook Messenger version 2.0.63, but the threat actor continues to exploit it on unpatched instances. The campaign targets Kurdish military entities in Iraq, suggesting a geopolitical motivation.

Organizations using Facebook Messenger are urged to update to the patched version 2.0.63 or later to mitigate the risk of Marbled Dust attacks. The ongoing nature of the campaign underscores the importance of regular software updates and robust cybersecurity measures. As Marbled Dust has been active since at least 2019, targeting various sectors and regions, vigilance is crucial for all potential targets.
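A triage sketch for the indicators named above, added here as an example and not taken from Microsoft's report or the vendor: it flags versions older than the patched 2.0.63, DNS log lines that query the command-and-control domain, and file paths whose names match the dropped files. The function names, log layout and paths are assumptions made up for the example, and the sample data is constructed.

```python
import re
from pathlib import PureWindowsPath

# Indicators as named in the article; everything else here is illustrative.
DROPPED_NAMES = {"om.vbs", "omserverservice.vbs", "omserverservice.exe"}
C2_DOMAIN = "api.wordinfos.com"  # written defanged in the article as api.wordinfos[.]com
FIXED_VERSION = (2, 0, 63)

def is_vulnerable(version: str) -> bool:
    """True when a dotted version string is older than the patched 2.0.63."""
    parts = tuple(int(p) for p in version.strip().split("."))
    parts += (0,) * (3 - len(parts))  # pad "2.1" to (2, 1, 0)
    return parts < FIXED_VERSION

def c2_hits(dns_log_lines):
    """Return lines that name the C2 host or a subdomain of it.

    The lookarounds reject lookalikes such as api.wordinfos.com.example.net,
    while still accepting a fully qualified name with a trailing dot.
    """
    pattern = re.compile(
        r"(?<![\w-])(?:[\w-]+\.)*" + re.escape(C2_DOMAIN) + r"(?![\w-])(?!\.[\w-])",
        re.IGNORECASE,
    )
    # Logs and tickets often carry the defanged form, so refang before matching.
    return [ln for ln in dns_log_lines if pattern.search(ln.replace("[.]", "."))]

def dropped_file_hits(paths):
    """Return paths whose file name (case-insensitive) matches a dropped file.

    A name match is a lead for investigation, not a verdict on the file.
    """
    return [p for p in paths if PureWindowsPath(p).name.lower() in DROPPED_NAMES]

# Constructed sample data (not real telemetry).
SAMPLE_DNS = [
    "2025-01-01T10:00:01Z host1 query A updates.example.org",
    "2025-01-01T10:00:05Z host2 query A api.wordinfos.com.",
    "2025-01-01T10:00:09Z host3 query A api.wordinfos.com.example.net",
]
SAMPLE_FILES = [
    r"C:\Constructed\share\OM.vbs",
    r"C:\Constructed\share\readme.txt",
    r"C:\Constructed\svc\omserverservice.EXE",
]

if __name__ == "__main__":
    print("2.0.62 vulnerable:", is_vulnerable("2.0.62"))
    print("C2 lookups:", c2_hits(SAMPLE_DNS))
    print("Suspicious files:", dropped_file_hits(SAMPLE_FILES))
```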
