Microsoft isn't fixing 8-year-old zero day used for spying
Briefly

Trend Micro's ongoing investigation revealed an extensive eight-year spying campaign leveraging malicious .LNK shortcut files to download malware. Although Trend Micro reported the vulnerability to Microsoft in September, the tech giant deems it a low-priority UI issue, leaving users exposed. State-sponsored attackers, predominantly from North Korea, accounted for a significant portion of the threat landscape, with many targets being governmental institutions. Trend Micro identified nearly 1,000 modified shortcut files, indicating a potentially higher number of malicious incidents. The campaign reflects the critical need for addressing security flaws that have been overlooked by major vendors like Microsoft.
After scanning attack patterns, the security shop said it found the vast majority of cases from state-sponsored attackers (around 70 percent) were using this for espionage or information theft.
"We told Microsoft but they consider it a UI issue, not a security issue. So it doesn't meet their bar for servicing as a security update." - Dustin Childs, head of threat awareness at the Zero Day Initiative.
The attack method is low-tech but effective, relying on malicious .LNK shortcut files rigged with commands to download malware.
Trend Micro found nearly 1,000 tampered .LNK files in circulation but estimates the actual number of attacks could have been higher.
Read at Theregister