A Windows .lnk file vulnerability, ZDI-CAN-25373, has been extensively exploited by state-sponsored and cybercriminal groups. The vulnerability allows hidden command execution through crafted shortcut files, exposing organizations to data theft and cyber espionage risks. Nearly 1,000 malicious .lnk files abusing this vulnerability have been identified, with APT groups from North Korea, Iran, Russia, and China involved in the attacks. Targeted sectors include government, finance, telecommunications, military, and energy across North America, Europe, Asia, South America, and Australia. The exploitation leverages hidden command line arguments within .lnk files, complicating detection. Organizations are urged to implement security measures and maintain vigilance against suspicious .lnk files.

Author: AlienVault
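The summary above describes shortcuts whose command line arguments are hidden from the user. The script below is an added example (not code from the AlienVault pulse or from the report it summarizes) showing how a defender can triage .lnk files offline: it parses the ShellLinkHeader and StringData section of the MS-SHLLINK format, pulls out the COMMAND_LINE_ARGUMENTS string, and flags arguments that carry a long run of whitespace or control characters, which pushes the real arguments out of the part of the Target field that the Properties dialog shows. The padding threshold (32 characters), the field names, and the two sample shortcuts are assumptions of this example; the samples are constructed in the script itself and are not real indicators from the pulse.

```python
"""Added example: parse .lnk StringData and flag whitespace-padded arguments.
Not from the AlienVault pulse or the underlying report; threshold and samples
are assumptions made for this illustration."""
import struct
import unicodedata

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # 00021401-0000-0000-C000-000000000046

# LinkFlags bits (MS-SHLLINK 2.1.1) needed to walk to the StringData section
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData structures appear in this fixed order, each only if its flag is set
STRING_FIELDS = (
    ("name", HAS_NAME),
    ("relative_path", HAS_RELATIVE_PATH),
    ("working_dir", HAS_WORKING_DIR),
    ("arguments", HAS_ARGUMENTS),
    ("icon_location", HAS_ICON_LOCATION),
)


def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags plus every StringData field present in a .lnk blob."""
    if len(data) < LNK_HEADER_SIZE:
        raise ValueError("file shorter than ShellLinkHeader")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link (bad HeaderSize/LinkCLSID)")
    off = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # skip LinkTargetIDList (IDListSize + IDList)
        (idlist_size,) = struct.unpack_from("<H", data, off)
        off += 2 + idlist_size
    if flags & HAS_LINK_INFO:                # skip LinkInfo (LinkInfoSize covers the whole struct)
        (info_size,) = struct.unpack_from("<I", data, off)
        off += info_size
    is_unicode = bool(flags & IS_UNICODE)
    result = {"flags": flags}
    for name, bit in STRING_FIELDS:
        if not flags & bit:
            continue
        (count,) = struct.unpack_from("<H", data, off)   # CountCharacters, no terminator
        off += 2
        if is_unicode:
            result[name] = data[off:off + 2 * count].decode("utf-16-le")
            off += 2 * count
        else:
            result[name] = data[off:off + count].decode("cp1252", "replace")
            off += count
    return result


def _is_padding(ch: str) -> bool:
    return ch.isspace() or unicodedata.category(ch) == "Cc"


def assess_arguments(args: str, max_pad_run: int = 32) -> dict:
    """Flag arguments hidden behind a long run of whitespace/control characters.
    max_pad_run is an assumed threshold; tune it against your own baseline."""
    longest = current = 0
    for ch in args:
        current = current + 1 if _is_padding(ch) else 0
        longest = max(longest, current)
    return {
        "suspicious": longest >= max_pad_run,
        "longest_pad_run": longest,
        "visible_arguments": " ".join(args.split()),  # what an analyst should read
    }


def scan_lnk(data: bytes, max_pad_run: int = 32) -> dict:
    """Parse a .lnk blob and return a verdict on its command-line arguments."""
    info = parse_lnk(data)
    verdict = assess_arguments(info.get("arguments", ""), max_pad_run)
    verdict["relative_path"] = info.get("relative_path")
    return verdict


def build_sample_lnk(relative_path: str, arguments: str) -> bytes:
    """Constructed test fixture: a minimal .lnk carrying only RelativePath and
    CommandLineArguments (no IDList, no LinkInfo). Not real-world data."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sI", LNK_HEADER_SIZE, LNK_CLSID, flags)
    # FileAttributes, three FILETIMEs, FileSize, IconIndex, ShowCommand=SW_SHOWNORMAL,
    # HotKey, Reserved1, Reserved2, Reserved3
    header += struct.pack("<IQQQIiIHHII", 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    body = b""
    for s in (relative_path, arguments):   # BMP text only, so len(s) == UTF-16 code units
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


# Constructed samples: an ordinary shortcut and one whose arguments are padded
BENIGN_LNK = build_sample_lnk(r"..\..\Windows\System32\notepad.exe", r"C:\notes.txt")
PADDED_LNK = build_sample_lnk(r"..\..\Windows\System32\notepad.exe",
                              " " * 300 + r"C:\constructed-sample.txt")

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_LNK), ("padded", PADDED_LNK)):
        print(label, scan_lnk(blob))
```

Run it against a directory of shortcuts by reading each file's bytes into `scan_lnk`; the `visible_arguments` field gives the collapsed text an analyst should review, and `longest_pad_run` is what to alert on. The parser only walks as far as StringData and skips the IDList and LinkInfo structures, so it tolerates shortcuts with or without those sections; it does not validate the rest of the file.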
Related Tags: command execution, shortcut, South Georgia and the South Sandwich Islands, Georgia, British Indian Ocean Territory, Raspberry Robin, Switzerland, Finland, Norway