Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage
released on 2025-06-11 @ 09:26:07 AM
Check Point Research (CPR) uncovered an actively weaponized Microsoft WebDAV zero-day (CVE-2025-33053) exploited by the Stealth Falcon APT in a targeted campaign against defense and government organizations across the Middle East and Africa. The attack began with a disguised .url file, delivered by spear phishing, that hijacks the way legitimate Windows tools (LOLBins) execute programs relative to their working directory, so that they load malicious executables from a WebDAV server.
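A triage check for the delivery technique described above, as an added example (not CPR's code and not taken from the report): it parses the contents of a .url shortcut and flags a working directory that points at a remote or WebDAV path. The finding names, the helper `inspect_url_shortcut` and the sample shortcuts (host `files.example.test`, `example-tool.exe`) are constructed for illustration.

```python
import configparser
import re

# Working directory on a remote host: UNC path or URL scheme (a drive letter does not match).
REMOTE_DIR = re.compile(r"^(\\\\|//|[a-z][a-z0-9+.-]*://)", re.I)
# WebDAV forms of a UNC path, e.g. \\host@ssl@443\DavWWWRoot\...
WEBDAV_HINT = re.compile(r"@ssl|davwwwroot|@\d{1,5}[\\/]", re.I)
# Shortcut target that is a program on the local disk rather than a web URL.
LOCAL_EXE = re.compile(r"^(file:/+)?[a-z]:[\\/].*\.(exe|com|cpl|msc|bat|cmd)$", re.I)


def inspect_url_shortcut(text):
    """Return a list of findings for the contents of one .url file."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",))
    try:
        parser.read_string(text)
    except configparser.Error as exc:
        return [f"unparseable shortcut: {exc.__class__.__name__}"]
    findings = []
    for section in parser.sections():
        if section.lower() != "internetshortcut":
            continue
        target = parser.get(section, "url", fallback="").strip()
        workdir = parser.get(section, "workingdirectory", fallback="").strip()
        if not REMOTE_DIR.match(workdir):
            continue
        findings.append("remote-working-directory")
        if WEBDAV_HINT.search(workdir):
            findings.append("webdav-unc-path")
        if LOCAL_EXE.match(target):
            # A local tool started with a remote current directory is the
            # combination the paragraph above describes.
            findings.append("local-executable-with-remote-cwd")
    return findings


# Constructed samples, not indicators from the campaign.
SUSPICIOUS = r"""[InternetShortcut]
URL=C:\Windows\System32\example-tool.exe
WorkingDirectory=\\files.example.test@ssl@443\DavWWWRoot\docs
"""
BENIGN = """[InternetShortcut]
URL=https://www.example.test/report
"""

if __name__ == "__main__":
    for name, body in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, inspect_url_shortcut(body))
```

Run it over .url attachments extracted at the mail gateway or found in user download folders; any shortcut that returns findings warrants a manual look before it is opened.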