{"id":100935,"date":"2025-02-05T21:05:37","date_gmt":"2025-02-05T21:05:37","guid":{"rendered":"https:\/\/ushopwell.com\/ublog\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/"},"modified":"2025-02-05T21:05:37","modified_gmt":"2025-02-05T21:05:37","slug":"7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine","status":"publish","type":"post","link":"https:\/\/ushopwell.com\/ublog\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/","title":{"rendered":"7-Zip 0-day was exploited in Russia\u2019s ongoing invasion of Ukraine"},"content":{"rendered":"<div>\n<p>Researchers said they recently discovered a zero-day vulnerability in the 7-Zip archiving utility that was actively exploited as part of Russia&#8217;s ongoing invasion of Ukraine.<\/p>\n<p>The vulnerability allowed a Russian cybercrime group to override a Windows protection designed to limit the execution of files downloaded from the Internet. The defense is commonly known as MotW, short for <a href=\"https:\/\/en.wikipedia.org\/wiki\/Mark_of_the_Web\">Mark of the Web<\/a>. It works by placing a \u201cZone.Identifier\u201d tag on all files downloaded from the Internet or from a networked share. This tag, a type of NTFS Alternate Data Stream and in the form of a ZoneID=3, subjects the file to additional scrutiny from Windows Defender SmartScreen and restrictions on how or when it can be executed.<\/p>\n<h2>There\u2019s an archive in my archive<\/h2>\n<p>The 7-Zip vulnerability allowed the Russian cybercrime group to bypass those protections. Exploits worked by embedding an executable file within an archive and then embedding the archive into another archive. While the outer archive carried the MotW tag, the inner one did not. The vulnerability, tracked as CVE-2025-0411, was fixed with the release of version 24.09 in late November.<\/p>\n<p><a href=\"https:\/\/arstechnica.com\/security\/2025\/02\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/\">Read full article<\/a><\/p>\n<p><a href=\"https:\/\/arstechnica.com\/security\/2025\/02\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/#comments\">Comments<\/a><\/p>\n<\/div>\n<p class=\"wpematico_credit\"><small>Powered by <a href=\"http:\/\/www.wpematico.com\" target=\"_blank\">WPeMatico<\/a><\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers said they recently discovered a zero-day vulnerability in the 7-Zip archiving utility that was actively exploited as part of Russia&#8217;s ongoing invasion of Ukraine. The vulnerability allowed a Russian cybercrime group to override a Windows protection designed to limit the execution of files downloaded from the Internet. The defense is commonly known as MotW, short for Mark of the Web. It works by placing a \u201cZone.Identifier\u201d tag on all&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","tve_updated_post":"","tve_custom_css":"","tve_user_custom_css":"","tve_globals":{},"tcb2_ready":0,"tcb_editor_enabled":0,"tve_landing_page":"","_tve_header":"","_tve_footer":""},"categories":[241],"tags":[],"class_list":["post-100935","post","type-post","status-publish","format-standard","hentry","category-technology"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>7-Zip 0-day was exploited in Russia\u2019s ongoing invasion of Ukraine - UshopWell.com<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/ushopwell.com\/ublog\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"7-Zip 0-day was exploited in Russia\u2019s ongoing invasion of Ukraine - UshopWell.com\" \/>\n<meta property=\"og:description\" content=\"Researchers said they recently discovered a zero-day vulnerability in the 7-Zip archiving utility that was actively exploited as part of Russia&#8217;s ongoing invasion of Ukraine. The vulnerability allowed a Russian cybercrime group to override a Windows protection designed to limit the execution of files downloaded from the Internet. The defense is commonly known as MotW, short for Mark of the Web. It works by placing a \u201cZone.Identifier\u201d tag on all...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ushopwell.com\/ublog\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/\" \/>\n<meta property=\"og:site_name\" content=\"UshopWell.com\" \/>\n<meta property=\"article:published_time\" content=\"2025-02-05T21:05:37+00:00\" \/>\n<meta name=\"author\" content=\"UShopWell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"UShopWell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\\\/\"},\"author\":{\"name\":\"UShopWell\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/person\\\/6fd1f9e0ff932e534c86c70d5acff0fc\"},\"headline\":\"7-Zip 0-day was exploited in Russia\u2019s ongoing invasion of Ukraine\",\"datePublished\":\"2025-02-05T21:05:37+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\\\/\"},\"wordCount\":201,\"publisher\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#organization\"},\"articleSection\":[\"Technology\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\\\/\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\\\/\",\"name\":\"7-Zip 0-day was exploited in Russia\u2019s ongoing invasion of Ukraine - UshopWell.com\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#website\"},\"datePublished\":\"2025-02-05T21:05:37+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"7-Zip 0-day was exploited in Russia\u2019s ongoing invasion of Ukraine\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#website\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/\",\"name\":\"UshopWell.com\",\"description\":\"The Premiere Online Marketplace\",\"publisher\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#organization\",\"name\":\"UshopWell\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/pandaSwea.png\",\"contentUrl\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/wp-content\\\/uploads\\\/2018\\\/01\\\/pandaSwea.png\",\"width\":365,\"height\":359,\"caption\":\"UshopWell\"},\"image\":{\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/#\\\/schema\\\/person\\\/6fd1f9e0ff932e534c86c70d5acff0fc\",\"name\":\"UShopWell\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g\",\"caption\":\"UShopWell\"},\"url\":\"https:\\\/\\\/ushopwell.com\\\/ublog\\\/author\\\/kburnettu\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"7-Zip 0-day was exploited in Russia\u2019s ongoing invasion of Ukraine - UshopWell.com","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/ushopwell.com\/ublog\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/","og_locale":"en_US","og_type":"article","og_title":"7-Zip 0-day was exploited in Russia\u2019s ongoing invasion of Ukraine - UshopWell.com","og_description":"Researchers said they recently discovered a zero-day vulnerability in the 7-Zip archiving utility that was actively exploited as part of Russia&#8217;s ongoing invasion of Ukraine. The vulnerability allowed a Russian cybercrime group to override a Windows protection designed to limit the execution of files downloaded from the Internet. The defense is commonly known as MotW, short for Mark of the Web. It works by placing a \u201cZone.Identifier\u201d tag on all...","og_url":"https:\/\/ushopwell.com\/ublog\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/","og_site_name":"UshopWell.com","article_published_time":"2025-02-05T21:05:37+00:00","author":"UShopWell","twitter_card":"summary_large_image","twitter_misc":{"Written by":"UShopWell","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/ushopwell.com\/ublog\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/#article","isPartOf":{"@id":"https:\/\/ushopwell.com\/ublog\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/"},"author":{"name":"UShopWell","@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/person\/6fd1f9e0ff932e534c86c70d5acff0fc"},"headline":"7-Zip 0-day was exploited in Russia\u2019s ongoing invasion of Ukraine","datePublished":"2025-02-05T21:05:37+00:00","mainEntityOfPage":{"@id":"https:\/\/ushopwell.com\/ublog\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/"},"wordCount":201,"publisher":{"@id":"https:\/\/ushopwell.com\/ublog\/#organization"},"articleSection":["Technology"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/ushopwell.com\/ublog\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/","url":"https:\/\/ushopwell.com\/ublog\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/","name":"7-Zip 0-day was exploited in Russia\u2019s ongoing invasion of Ukraine - UshopWell.com","isPartOf":{"@id":"https:\/\/ushopwell.com\/ublog\/#website"},"datePublished":"2025-02-05T21:05:37+00:00","breadcrumb":{"@id":"https:\/\/ushopwell.com\/ublog\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ushopwell.com\/ublog\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/ushopwell.com\/ublog\/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/ushopwell.com\/ublog\/"},{"@type":"ListItem","position":2,"name":"7-Zip 0-day was exploited in Russia\u2019s ongoing invasion of Ukraine"}]},{"@type":"WebSite","@id":"https:\/\/ushopwell.com\/ublog\/#website","url":"https:\/\/ushopwell.com\/ublog\/","name":"UshopWell.com","description":"The Premiere Online Marketplace","publisher":{"@id":"https:\/\/ushopwell.com\/ublog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ushopwell.com\/ublog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/ushopwell.com\/ublog\/#organization","name":"UshopWell","url":"https:\/\/ushopwell.com\/ublog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/logo\/image\/","url":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2018\/01\/pandaSwea.png","contentUrl":"https:\/\/ushopwell.com\/ublog\/wp-content\/uploads\/2018\/01\/pandaSwea.png","width":365,"height":359,"caption":"UshopWell"},"image":{"@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/ushopwell.com\/ublog\/#\/schema\/person\/6fd1f9e0ff932e534c86c70d5acff0fc","name":"UShopWell","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4adb372cadd43b4d4c57964dab95b0f69618bf960d131c4acf49d96d6bbc9c6e?s=96&d=mm&r=g","caption":"UShopWell"},"url":"https:\/\/ushopwell.com\/ublog\/author\/kburnettu\/"}]}},"_links":{"self":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/posts\/100935","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/comments?post=100935"}],"version-history":[{"count":0,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/posts\/100935\/revisions"}],"wp:attachment":[{"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/media?parent=100935"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/categories?post=100935"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ushopwell.com\/ublog\/wp-json\/wp\/v2\/tags?post=100935"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}