**Türkiye-Linked Hackers Exploit Zero-Day in Output Messenger to Target Kurdish Forces**

A Türkiye-linked hacker group known as *Marbled Dust* has been identified as the force behind a stealth cyber-espionage campaign targeting Kurdish military personnel in Iraq. The group exploited a previously unknown zero-day vulnerability—CVE-2025-27920—in *Output Messenger*, an Indian-developed chat application widely used for internal communications.

According to cybersecurity analysts, the attackers deployed a custom backdoor via the flaw, enabling long-term access to infected systems. Once inside, they silently monitored conversations and exfiltrated sensitive data without triggering security alerts.

The incident marks a significant escalation in regional cyber conflict, illustrating how zero-day exploits are increasingly used in geopolitical espionage. Experts urge organizations—especially those in defense, government, and communications—to patch their systems immediately and heighten threat detection.

This operation highlights the rising sophistication of state-aligned hacking groups and the critical need for proactive cybersecurity measures in high-risk regions.