Stealth Falcon, a long-active cyber-espionage group, exploited a zero-day vulnerability in Windows (CVE-2025-33053) to target a Turkish defense firm using a malicious file disguised as a PDF. The attack leveraged the WebDAV protocol to stealthily execute a multi-stage infection chain that deployed a custom-built spying tool named Horus Agent. This advanced implant, designed for stealth and resilience, showcased heavy obfuscation, anti-analysis techniques, and custom payload delivery, highlighting the group’s deep technical sophistication and long-term surveillance goals.