Windows bug exploited since 2017, but it won't be fixed
Briefly

The Trend Zero Day Initiative reports that 11 state-sponsored hacker groups from North Korea, Iran, Russia, and China are exploiting a serious Windows vulnerability for espionage and data theft. Over 950 malicious Shell Link (.lnk) files take advantage of this issue, identified as ZDI-CAN-25373. Despite the severity, Microsoft has declined to issue a fix, citing the difficulty of a technical solution. The targeted sectors are mainly government, finance, telecom, and defense, with a notable concentration in North America and a global impact overall.
The ZDI discovered 11 state-backed hacker groups exploiting a critical Windows vulnerability for espionage and data theft, yet Microsoft has chosen not to issue a fix.
Nearly 50% of attackers exploiting the Windows vulnerability are believed to be from North Korea, indicating collaboration and technique-sharing among their cyber groups.
The ZDI found almost 1,000 malicious Shell Link files that exploit the vulnerability ZDI-CAN-25373, revealing the urgent need for security measures in affected sectors.
Despite receiving a proof-of-concept, Microsoft deems direct intervention unnecessary, with experts suggesting that fixing the issue may pose significant technical challenges.
Read at Techzine Global