Lab02.7z (DIRECT - 2025)

In late 2024, amidst the ongoing conflict, Ukrainian government and civilian organizations began receiving highly targeted emails. These emails appeared to be urgent documents, but tucked inside was a double-archived file: Lab02.7z.

The Weapon: CVE-2025-0411

This script reached out to the hackers' command-and-control servers to download .

When a user opened Lab02.7z and double-clicked what looked like a Word document, they unknowingly bypassed all of Windows' built-in security warnings. A hidden would launch in the background.

The caught the campaign in September 2024. They worked with the developer of 7-Zip, Igor Pavlov, who released a patch in version 24.09 on November 30, 2024, to fix the Mark-of-the-Web (MOTW) bypass.
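A defender-side triage for the MOTW bypass described above, as an added example that is not part of the original page: it parses the text of Windows `Zone.Identifier` streams and flags files extracted from an Internet-zone archive that carry no mark themselves, noting whether the host's 7-Zip is older than 24.09. The record layout, host names and file names are constructed for illustration; collecting the stream text from endpoints is assumed to happen elsewhere.

```python
import configparser

FIXED_7ZIP = (24, 9)  # 7-Zip 24.09, the release the page names as carrying the fix

def zone_id(stream_text):
    """Parse Zone.Identifier stream text; return ZoneId or None if missing/unparseable."""
    if not stream_text:
        return None
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(stream_text)
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def is_patched(version):
    """True when a 7-Zip version string such as '24.08' is at or above 24.09."""
    major, _, minor = version.partition(".")
    return (int(major), int(minor or 0)) >= FIXED_7ZIP

def triage(records):
    """Flag files extracted from an Internet-zone archive that carry no MOTW themselves."""
    findings = []
    for r in records:
        outer, inner = zone_id(r["archive_zone"]), zone_id(r["file_zone"])
        # ZoneId 3 is the Internet zone; a marked archive should yield marked files.
        if outer is not None and outer >= 3 and (inner is None or inner < 3):
            state = "patched" if is_patched(r["sevenzip"]) else "vulnerable"
            findings.append((r["host"], r["file"], state))
    return findings

# Constructed sample records (hypothetical hosts, files and URL)
MOTW = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.invalid/a%20b.7z\r\n"
SAMPLE = [
    {"host": "ws-01", "sevenzip": "24.08", "file": "inner.docx",
     "archive_zone": MOTW, "file_zone": None},
    {"host": "ws-02", "sevenzip": "24.09", "file": "report.docx",
     "archive_zone": MOTW, "file_zone": MOTW},
    {"host": "ws-03", "sevenzip": "23.01", "file": "notes.txt",
     "archive_zone": None, "file_zone": None},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```
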