: Attackers used compromised email accounts to send malicious archives. These attacks utilized homoglyph attacks , where visually similar characters are used to deceive users into opening malicious files.
If you are looking for information on a specific file named 0NB.7z that you have encountered, it is highly recommended to and scan it with updated security software, as .7z files are a common delivery method for the SmokeLoader malware mentioned in recent security briefs. 0NB.7z
: The vulnerability was used to deploy the SmokeLoader malware, which functions as a loader for further cyberespionage tools. : Attackers used compromised email accounts to send
: NIST notes that this specific vulnerability can bypass the "Mark-of-the-Web" protection mechanism, which typically warns users when opening files downloaded from the internet. : The vulnerability was used to deploy the
: The campaign primarily targeted governmental and civilian organizations in Ukraine as part of the Russo-Ukrainian conflict.
: Older community discussions, such as those on Reddit , have debated the cryptographic implementation in 7-Zip, though many reported "flaws" were later deemed low-risk or debunked by the developer.
On February 4, 2025, researchers at Trend Micro published a blog post detailing how Russian-linked threat actors exploited a zero-day vulnerability in 7-Zip, identified as .