A Türkiye-backed cyberespionage group exploited a zero-day vulnerability in Output Messenger, targeting users linked to the Kurdish military in Iraq. The attackers compromised the server, stole sensitive data, accessed user communications, impersonated users, and disrupted operations. This attack signals an increase in the group's technical sophistication and urgency in their operational goals.
TPRM report: https://scoringcyber.rankiteo.com/company/larksuite
"id": "lar921051325",
"linkid": "larksuite",
"type": "Cyber Attack",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Defense',
'location': 'Iraq',
'name': 'Kurdish Military in Iraq',
'type': 'Military'}],
'attack_vector': 'Zero-Day Vulnerability',
'data_breach': {'data_exfiltration': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Sensitive Data',
'User Communications']},
'description': 'A Türkiye-backed cyberespionage group exploited a zero-day '
'vulnerability in Output Messenger, targeting users linked to '
'the Kurdish military in Iraq. The attackers compromised the '
'server, stole sensitive data, accessed user communications, '
'impersonated users, and disrupted operations. This attack '
"signals an increase in the group's technical sophistication "
'and urgency in their operational goals.',
'impact': {'data_compromised': ['Sensitive Data', 'User Communications'],
'operational_impact': 'Disruption of Operations',
'systems_affected': ['Output Messenger Server']},
'motivation': 'Espionage, Data Theft, Operational Disruption',
'threat_actor': 'Türkiye-backed cyberespionage group',
'title': 'Türkiye-backed Cyberespionage Group Exploits Zero-Day Vulnerability '
'in Output Messenger',
'type': 'Cyberespionage',
'vulnerability_exploited': 'Output Messenger'}