Turkish defense company

A sophisticated cyberattack campaign by the advanced persistent threat group, Stealth Falcon, targeted a major Turkish defense company. The attack exploited a previously unknown zero-day vulnerability to execute malware remotely, using a malicious .url file likely distributed via spear-phishing. The attack allowed arbitrary code execution through process hollowing, bypassing traditional defenses. The group deployed 'Horus Agent,' a custom-built implant, and several undisclosed custom tools, focusing on reconnaissance and evading detection. The attack highlights the ongoing threat posed by APT groups targeting critical infrastructure and defense organizations.

Source: https://cybersecuritynews.com/webdav-0-day-rce-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/aselsan

"id": "ase303061025",
"linkid": "aselsan",
"type": "Cyber Attack",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Defense',
                        'location': 'Turkey',
                        'name': 'Major Turkish defense company',
                        'type': 'Defense contractor'}],
 'attack_vector': 'Spear-phishing email with malicious .url file',
 'description': 'A sophisticated cyberattack campaign by the advanced '
                'persistent threat group, Stealth Falcon, which exploited a '
                'previously unknown zero-day vulnerability to target a major '
                'Turkish defense company and execute malware remotely.',
 'impact': {'systems_affected': ['Internet Explorer diagnostics utility '
                                 '(iediagcmd.exe)']},
 'initial_access_broker': {'entry_point': 'Spear-phishing email',
                           'high_value_targets': ['Government and defense '
                                                  'sectors in Turkey, Qatar, '
                                                  'Egypt, and Yemen']},
 'motivation': 'Cyber espionage',
 'post_incident_analysis': {'root_causes': 'Exploitation of zero-day '
                                           'vulnerability CVE-2025-33053 '
                                           'through a malicious .url file'},
 'references': [{'source': 'Check Point Research'}],
 'threat_actor': 'Stealth Falcon (FruityArmor)',
 'title': 'Stealth Falcon APT Group Exploits Zero-Day Vulnerability to Target '
          'Turkish Defense Company',
 'type': 'Advanced Persistent Threat (APT)',
 'vulnerability_exploited': 'CVE-2025-33053'}