State-Sponsored Cyber Exploitation Tactics

As cyber threats continue to evolve, state-sponsored groups are now exploiting a significant vulnerability in Windows systems, tracked as ZDI-CAN-25373 by Trend Micro’s Zero Day Initiative. This vulnerability allows attackers to execute hidden malicious commands via crafted Windows shortcut (.lnk) files, leading to arbitrary code execution on affected systems.

You’ve likely heard about the alarming rise in these attacks, as nearly 1,000 malicious .lnk files have already been identified, all leveraging this critical flaw. At least 11 state-sponsored groups are actively exploiting this vulnerability, with notable players like Evil Corp, Kimsuky, Bitter, and Mustang Panda. Countries such as North Korea, Iran, Russia, and China are heavily involved, with North Korea accounting for over 45% of reported attacks.

These groups are targeting a wide range of sectors, including government, financial, telecommunications, military, and energy. If you work in these industries, it’s crucial to stay vigilant as attacks have affected organizations across North America, Europe, Asia, South America, and Australia.

Stay vigilant as state-sponsored cyber attacks target government, financial, telecommunications, military, and energy sectors worldwide.

The malware being used in these campaigns includes notorious families like Lumma Stealer, Remcos RAT, and GuLoader, which are delivered through these crafted .lnk files. Other malware such as Ursnif, Gh0st RAT, and Trickbot have also been linked to these attacks, further complicating the threat landscape.

You should be aware that the payloads can execute silently when a user interacts with a malicious .lnk file, which makes detection harder. Despite the severity of the situation, Microsoft has classified this flaw as not critical enough for immediate patching. That response has frustrated security professionals, who stress the need for a timely fix.

While Microsoft may address it in a future release, current protections such as Microsoft Defender are in place to detect and block related threat activity. Microsoft’s Smart App Control can also block malicious files downloaded from the internet, providing an additional layer of defense.

Nevertheless, the exploitation technique used by these attackers is sophisticated. They hide the command-line arguments stored inside the .lnk file behind characters such as line feed and carriage return, so that the malicious portion is not displayed to the user and evades casual inspection.

The Windows user interface often fails to present critical information about these malicious files, allowing for silent execution that can catch users off guard. In a world where cyber threats are ever-present, understanding and mitigating the risks associated with vulnerabilities like ZDI-CAN-25373 is essential for protecting your organization.
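The following script is an added defender-side illustration, not code from the article or from ZDI: it parses the COMMAND_LINE_ARGUMENTS field of a Shell Link (.lnk) file according to the MS-SHLLINK layout and flags argument strings that carry line breaks or long whitespace runs, which is what hides the real command from the shortcut Properties dialog. The .lnk blobs it checks are constructed in memory as test fixtures, and the `min_run` threshold is an assumption to tune per environment.

```python
import re
import struct

# LinkFlags bits from the MS-SHLLINK (Shell Link Binary File Format) specification
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 0x01, 0x02
HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR = 0x04, 0x08, 0x10
HAS_ARGUMENTS, HAS_ICON_LOCATION, IS_UNICODE = 0x20, 0x40, 0x80
# StringData sections appear in this fixed order when their flag is set
STRING_ORDER = (HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION)
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}

def lnk_arguments(data: bytes):
    """Return the COMMAND_LINE_ARGUMENTS string of a .lnk blob, or None if the field is absent."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76                                   # end of the fixed-size ShellLinkHeader
    if flags & HAS_LINK_TARGET_ID_LIST:        # IDListSize (2 bytes) followed by the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                  # LinkInfoSize includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width = 2 if flags & IS_UNICODE else 1     # UTF-16LE vs. system code page (latin-1 assumed here)
    for bit in STRING_ORDER:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
        raw = data[pos + 2:pos + 2 + count * width]
        pos += 2 + len(raw)
        if bit == HAS_ARGUMENTS:
            return raw.decode("utf-16-le" if width == 2 else "latin-1")
    return None

def is_padded(args: str, min_run: int = 16) -> bool:
    """Flag line breaks or long whitespace runs: legitimate shortcuts do not need them (threshold assumed)."""
    if re.search(r"[\r\n\x0b\x0c]", args):
        return True
    return re.search(r"[ \t]{%d,}" % min_run, args) is not None

def build_lnk(args: str, unicode: bool = True) -> bytes:
    """Constructed test fixture: a minimal .lnk holding only the header and an arguments string."""
    flags = HAS_ARGUMENTS | (IS_UNICODE if unicode else 0)
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<I", flags)
    header += bytes(76 - len(header))          # attributes, timestamps and the rest left zeroed
    body = args.encode("utf-16-le" if unicode else "latin-1")
    return header + struct.pack("<H", len(args)) + body

if __name__ == "__main__":
    # Constructed sample: benign-looking text, 300 spaces and a CRLF, then the part the dialog would not show
    print(is_padded(lnk_arguments(build_lnk("readme.txt" + " " * 300 + "\r\n/c hidden_tail"))))  # True
```

To scan real files, pass `open(path, "rb").read()` to `lnk_arguments` and report any shortcut for which `is_padded` returns True.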
