Russian Hackers Leverage CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp Backdoors
TL;DR
Suspected Russian threat actors exploited CVE-2025-26633, a Microsoft Management Console (MMC) security feature bypass that Microsoft patched in its March 2025 security update, as a zero-day to deploy two new PowerShell backdoors, SilentPrism and DarkWisp. The activity is attributed to the Water Gamayun group (also tracked as EncryptHub and LARVA-208), which abused the flaw through a technique dubbed MSC EvilTwin.
Overview
A suspected Russian threat actor has been identified as responsible for the zero-day exploitation of a recently patched security vulnerability in Microsoft Windows. The exploit was used to deliver two new backdoors, named SilentPrism and DarkWisp. Trend Micro, which reported the campaign, attributes the activity to a group it tracks as Water Gamayun; the same actor is referred to as EncryptHub and LARVA-208 by other vendors.
Exploitation Details
The vulnerability, designated CVE-2025-26633, is a security feature bypass in the Microsoft Management Console (MMC), the signed Windows component (mmc.exe) that hosts .msc console files. Microsoft fixed it in the March 2025 security update. It is not a remote, unauthenticated entry point: exploitation requires a victim to open an attacker-supplied .msc file, which is why the campaign pairs it with social engineering. The delivery technique, MSC EvilTwin, abuses the way MMC resolves localized console files. The attacker drops a benign-looking .msc file alongside a second, malicious .msc of the same name in a language subfolder such as en-US; when the victim opens the benign file, MMC loads the twin from the language folder instead, and that console runs the loader that retrieves and installs the backdoors. Because the payload is staged through a legitimate, signed Microsoft binary and an ordinary administrative file type, the activity blends in with normal console usage and can go unnoticed for extended periods.
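The MSC EvilTwin layout leaves a recognisable footprint on disk: a directory holding an .msc file together with a locale-named subdirectory holding a same-named .msc. The following hunt script is an added example, not code from the article or from Trend Micro's report; it assumes only that pattern and uses a simple, assumed keyword heuristic (powershell, cmd.exe, mshta, rundll32, URLs) to flag twins whose XML embeds a command. Windows file names are case-insensitive, so the comparison is done on lower-cased names.

```python
"""Hunt for MSC EvilTwin file pairs (added example, not from the original page).

Flags every directory that contains NAME.msc and a locale-style subdirectory
(en-US, de-DE, zh-Hans-CN, ...) that also contains NAME.msc.  When the decoy is
opened, MMC resolves the localized twin, so the twin is the file to inspect.
"""
import hashlib
import json
import re
import sys
from pathlib import Path

# Locale-style folder names (assumed pattern): en-US, pt-BR, zh-Hans-CN.
LOCALE_DIR = re.compile(r"^[a-z]{2,3}-[A-Za-z]{2,4}(-[A-Za-z]{2,4})?$")

# Heuristic markers (assumption) that rarely belong in a saved console file.
SUSPICIOUS = (b"powershell", b"cmd.exe", b"mshta", b"rundll32",
              b"http://", b"https://")


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def suspicious_markers(path: Path) -> list[str]:
    """Return the heuristic markers present in the file (case-insensitive)."""
    data = path.read_bytes().lower()
    return [m.decode() for m in SUSPICIOUS if m in data]


def hunt_evil_twins(root) -> list[dict]:
    """Return one finding per (decoy, twin) .msc pair found below root."""
    root = Path(root)
    findings = []
    for directory in (root, *root.rglob("*")):
        if not directory.is_dir():
            continue
        # .msc files directly in this directory, keyed by lower-cased name
        decoys = {p.name.lower(): p for p in directory.iterdir()
                  if p.is_file() and p.suffix.lower() == ".msc"}
        if not decoys:
            continue
        for sub in directory.iterdir():
            if not (sub.is_dir() and LOCALE_DIR.match(sub.name)):
                continue
            for twin in sub.iterdir():
                decoy = decoys.get(twin.name.lower())
                if decoy is None or not twin.is_file():
                    continue
                d_hash, t_hash = sha256(decoy), sha256(twin)
                findings.append({
                    "decoy": decoy,
                    "twin": twin,
                    "decoy_sha256": d_hash,
                    "twin_sha256": t_hash,
                    # identical content is still odd outside %SystemRoot%,
                    # but a differing twin is the EvilTwin signature
                    "same_content": d_hash == t_hash,
                    "markers": suspicious_markers(twin),
                })
    return findings


if __name__ == "__main__":
    # Usage: python hunt_evil_twins.py <directory>   (defaults to cwd)
    results = hunt_evil_twins(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(json.dumps(results, indent=2, default=str))
```

Point it at user-writable locations first (Downloads, Temp, ProgramData, per-user AppData), since that is where a dropped installer would stage the pair; any hits under the Windows directory should be compared against a known-good baseline before being treated as malicious.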
SilentPrism and DarkWisp Backdoors
SilentPrism and DarkWisp are PowerShell-based backdoors built to keep persistent access to compromised systems after the initial loader has run. They let the attackers:
- Exfiltrate sensitive data
- Monitor user activities
- Execute remote commands
- Install additional malware
The deployment of these backdoors illustrates the evolving tradecraft of the Water Gamayun group, whose campaigns have targeted organizations in sectors including government, finance, and technology.
Attribution to Water Gamayun
The Water Gamayun group, tracked as EncryptHub and LARVA-208 by other vendors, has been linked in earlier reporting to phishing and information-stealer campaigns. Its operations are characterized by:
- Persistent, multi-stage intrusions rather than one-off payloads
- Use of zero-day vulnerabilities, CVE-2025-26633 being the current example
- Development of custom malware such as SilentPrism and DarkWisp
The group's exploitation of CVE-2025-26633 underscores its continued investment in new initial-access techniques against targeted organizations.
Mitigation and Defense
To protect against this activity, organizations are advised to:
- Apply the March 2025 Microsoft security update, which fixes CVE-2025-26633, and confirm that mmc.exe on managed hosts is at the patched version
- Hunt for the EvilTwin layout: an .msc file with a same-named .msc in a sibling language folder such as en-US, especially under user-writable paths
- Monitor for mmc.exe launching from unusual locations and for mmc.exe spawning PowerShell or other command interpreters
- Block or quarantine .msc attachments and downloads at the mail and web gateway, since there is rarely a business reason for users to receive them
- Educate employees that console files, like installers, can execute code and should not be opened from untrusted sources
For more details, visit the full article: source
Conclusion
The exploitation of CVE-2025-26633 to deploy the SilentPrism and DarkWisp backdoors shows how a low-profile component such as MMC can become an initial-access vector when paired with social engineering. Organizations should patch promptly, hunt for the EvilTwin file pattern, and watch MMC process behaviour rather than rely on the file type looking benign.