Threat Research

    A compromised site and a lookalike domain worked together to deliver a double-extension RAR file masquerading as a PDF. The payload abused MSC EvilTwin (CVE-2025-26633) to inject code into mmc.exe and trigger hidden PowerShell stages via TaskPad commands. Layered obfuscation, a breached website, and password-protected archives reduced visibility for both users and defenders....
    Water Gamayun exploits the MSC EvilTwin zero-day (CVE-2025-26633) to compromise systems and steal data using custom payloads and exfiltration techniques. The attack deploys malicious provisioning packages, signed .msi files, and Windows MSC files, leveraging tools like IntelliJ runnerw.exe for execution....
    Trend Research uncovered a campaign by the Russian threat actor Water Gamayun exploiting a zero-day in the Microsoft Management Console (CVE-2025-26633). The attack manipulates .msc files and MUIPath to execute malicious code, maintain persistence, and steal data. This threat poses significant risks to enterprises, potentially leading to data breaches and financial losses....
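The summaries above describe two artifacts a defender can look for without reverse-engineering the .msc itself: an archive whose double extension hides ".rar" behind ".pdf", and mmc.exe spawning a hidden PowerShell stage (the effect of a malicious TaskPad command). The script below is an added example and is not Trend Micro's code or the campaign's tooling; the event schema, the sample events and the PowerShell command lines in it are constructed for illustration.

```python
"""
Added detection example: flag (1) double-extension archives posing as documents
and (2) mmc.exe launching PowerShell, over a constructed, simplified event
schema (not a real EDR or Sysmon format).
"""
from __future__ import annotations

import ntpath  # handles Windows paths correctly even when run on Linux/macOS
import re

# Extensions a user expects to open as a document; a name such as
# "invoice.pdf.rar" hides the real archive extension behind one of these.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}
ARCHIVE_EXTS = {".rar", ".zip", ".7z"}

# PowerShell switches commonly used to keep a stage out of the user's sight:
# "-w hidden" / "-WindowStyle Hidden", and "-e" / "-enc" / "-EncodedCommand".
HIDDEN_FLAGS = re.compile(r"-(w(indowstyle)?\s+hidden|e(nc|ncodedcommand)?\s)", re.I)


def is_double_extension_archive(path: str) -> bool:
    """True for names like 'report.pdf.rar': a document extension immediately
    followed by an archive extension."""
    stem, last = ntpath.splitext(ntpath.basename(path))
    _, inner = ntpath.splitext(stem)
    return last.lower() in ARCHIVE_EXTS and inner.lower() in DOCUMENT_EXTS


def is_mmc_spawning_powershell(event: dict) -> bool:
    """True when the parent image is mmc.exe and the child is a PowerShell host."""
    parent = ntpath.basename(event.get("parent_image", "")).lower()
    image = ntpath.basename(event.get("image", "")).lower()
    return parent == "mmc.exe" and image in {"powershell.exe", "pwsh.exe"}


def detect(events: list[dict]) -> list[str]:
    """Run both checks over a list of events and return human-readable findings."""
    findings: list[str] = []
    for ev in events:
        if ev["type"] == "file_create" and is_double_extension_archive(ev["path"]):
            findings.append(f"double-extension archive: {ev['path']}")
        elif ev["type"] == "process_create" and is_mmc_spawning_powershell(ev):
            cmd = ev.get("cmdline", "")
            what = "hidden PowerShell" if HIDDEN_FLAGS.search(cmd) else "PowerShell"
            findings.append(f"mmc.exe launched {what}: {cmd}")
    return findings


# Constructed sample telemetry (hypothetical schema). The encoded command is
# just "ABC" in UTF-16LE base64, used as a placeholder.
SAMPLE_EVENTS = [
    {"type": "file_create", "path": r"C:\Users\alice\Downloads\Invoice_2025.pdf.rar"},
    {"type": "file_create", "path": r"C:\Users\alice\Downloads\Invoice_2025.pdf"},
    {"type": "process_create",
     "parent_image": r"C:\Windows\System32\mmc.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc QQBCAEMA"},
    {"type": "process_create",  # benign: PowerShell started from the shell
     "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -File C:\scripts\backup.ps1"},
]

if __name__ == "__main__":
    for line in detect(SAMPLE_EVENTS):
        print(line)
```

The checks deliberately work on file and process telemetry rather than parsing the .msc document, so they are independent of how the TaskPad command is obfuscated inside the file; a legitimate administrator occasionally starting PowerShell from a console snap-in will also trigger the second rule, so treat it as a hunting lead rather than a blocking rule.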