Water Gamayun APT Exploits MSC EvilTwin Vulnerability

Cyber Security News by CyberSum.net
An advanced persistent threat group, Water Gamayun, has launched a new intrusion campaign exploiting the MSC EvilTwin vulnerability in Windows MMC. The attack begins with a compromised search result leading to a lookalike domain, which delivers a malicious RAR file disguised as a PDF. The payload exploits the vulnerability to inject code into mmc.exe, ultimately delivering hidden PowerShell payloads. The campaign is attributed to Water Gamayun based on distinctive obfuscation patterns, infrastructure design, and social engineering themes.
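The last stage described above, mmc.exe ending in hidden PowerShell, is something defenders can look for in process-creation telemetry. The following detection sketch is an added example, not code from the reporting or from any vendor: the field names follow Sysmon process-creation events, the `triage` and `hidden_window` helpers are hypothetical names, and the sample events and file paths are constructed for illustration.

```python
import ntpath

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}

def _is_param(token, full_name):
    """True if token is a PowerShell-style prefix abbreviation of full_name."""
    if len(token) < 2 or token[0] not in "-/":
        return False
    return full_name.startswith(token[1:].lower())

def hidden_window(command_line):
    """Detect -WindowStyle Hidden, including short forms such as '-w hidden'."""
    tokens = command_line.split()
    for name, value in zip(tokens, tokens[1:]):
        if _is_param(name, "windowstyle") and value.strip("'\"").lower() == "hidden":
            return True
    return False

def triage(events):
    """Return (ProcessId, severity) for PowerShell processes whose parent is mmc.exe."""
    findings = []
    for ev in events:
        parent = ntpath.basename(ev["ParentImage"]).lower()
        child = ntpath.basename(ev["Image"]).lower()
        if parent != "mmc.exe" or child not in POWERSHELL_IMAGES:
            continue
        # A hidden window matches the behaviour in the report; anything else needs a look.
        severity = "high" if hidden_window(ev["CommandLine"]) else "review"
        findings.append((ev["ProcessId"], severity))
    return findings

# Constructed sample events (not taken from the campaign).
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
_MMC = r"C:\Windows\System32\mmc.exe"
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "ParentImage": _MMC, "Image": _PS,
     "CommandLine": r"powershell.exe -NoProfile -w hidden -File C:\Users\Public\stage.ps1"},
    {"ProcessId": 5332, "ParentImage": _MMC, "Image": _PS,
     "CommandLine": "powershell.exe -NoExit -Command Get-Service"},
    {"ProcessId": 6010, "ParentImage": r"C:\Windows\explorer.exe", "Image": _PS,
     "CommandLine": "powershell.exe -WindowStyle Hidden -File backup.ps1"},
    {"ProcessId": 7044, "ParentImage": _MMC, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c ver"},
]

if __name__ == "__main__":
    for pid, severity in triage(SAMPLE_EVENTS):
        print(pid, severity)
```

The check only covers the space-separated `-WindowStyle Hidden` form and its prefix abbreviations; other ways of hiding a PowerShell window are outside what this sketch detects.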