Microsoft Uncovers Turkish Hacking of Kurdish Forces

Microsoft has identified a zero-day vulnerability exploited in a cyber-espionage campaign targeting Kurdish military operations in Iraq, the company said. The attacks involve hackers aligned with the Turkish government who have breached Output Messenger, a workplace communication platform, to monitor cross-border activities.

According to the tech giant, the threat actors used the software’s weaknesses to gain unauthorized access to sensitive communications. The surveillance operation appears focused on gathering intelligence about Kurdish forces operating near the Turkish-Iraqi border.

Microsoft did not disclose the specific vulnerability or detail the number of affected systems. However, the discovery underscores growing concerns around state-sponsored cyber activity in politically sensitive regions.

Output Messenger, widely used for internal communications, has become a key vector in this cyber campaign, allowing attackers to infiltrate and eavesdrop on strategic conversations. The campaign highlights the evolving tactics of government-aligned cyber actors in leveraging commercial tools for intelligence gathering.