Gamayun APT Exploits New MSC EvilTwin Vulnerability to Deliver Malicious Payloads
Posted: Wed Nov 26, 2025 1:07 pm
Water Gamayun, a Russia‑aligned advanced persistent threat (APT) group, has launched a new multi‑stage intrusion campaign that weaponizes the recently disclosed MSC EvilTwin vulnerability in Windows Microsoft Management Console (MMC).
Leveraging a blend of compromised infrastructure, social engineering, and heavily obfuscated PowerShell, the attackers exploited CVE‑2025‑26633 to inject malicious code into mmc.exe, ultimately delivering hidden payloads and final malware loaders while minimizing user suspicion.
The attack chain begins with a seemingly harmless Bing search for “belay,” which returns a result for the legitimate BELAY Solutions domain, belaysolutions[.]com.
https://gbhackers.com/msc-eviltwin-vulnerability/