Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A Windows .lnk file vulnerability, ZDI-CAN-25373, has been extensively exploited by state-sponsored and cybercriminal groups. The vulnerability allows hidden command execution through crafted shortcut files, exposing organizations to data theft and cyber espionage risks. Nearly 1,000 malicious .lnk files abusing this vulnerability have been identified, with APT groups from North Korea, Iran, Russia, and China involved in the attacks. Targeted sectors include government, finance, telecommunications, military, and energy across North America, Europe, Asia, South America, and Australia. The exploitation leverages hidden command line arguments within .lnk files, complicating detection. Organizations are urged to implement security measures and maintain vigilance against suspicious .lnk files.
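A triage check for the hidden command-line arguments described in the summary, as an added example that is not from the original report or from NetmanageIT: it reads the COMMAND_LINE_ARGUMENTS string of a .lnk file per the Shell Link binary format and reports its full length and its longest run of whitespace or control characters. The function names, the `MAX_LEN`/`MAX_RUN` thresholds and the sample bytes are assumptions of this example, and treating long or padded arguments as the review signal is a heuristic, not a rule stated in the report.

```python
import struct

# LinkFlags bits defined by the Shell Link binary format (MS-SHLLINK)
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
HAS_NAME, HAS_RELPATH, HAS_WORKDIR, HAS_ARGS = 0x04, 0x08, 0x10, 0x20
MAX_LEN, MAX_RUN = 260, 32  # assumed review thresholds, not from the report

def lnk_arguments(data: bytes) -> str:
    """Return the COMMAND_LINE_ARGUMENTS string of a .lnk ('' if absent)."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a shell link header")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 76
    try:
        if flags & HAS_IDLIST:    # 2-byte IDListSize, then the IDList
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINKINFO:  # 4-byte LinkInfoSize counts itself
            pos += struct.unpack_from("<I", data, pos)[0]
        width = 2 if flags & IS_UNICODE else 1
        for bit in (HAS_NAME, HAS_RELPATH, HAS_WORKDIR, HAS_ARGS):
            if flags & bit:       # StringData: 2-byte char count + chars
                count = struct.unpack_from("<H", data, pos)[0]
                raw = data[pos + 2:pos + 2 + count * width]
                pos += 2 + count * width
                if bit == HAS_ARGS:
                    codec = "utf-16-le" if width == 2 else "cp1252"
                    return raw.decode(codec, "replace")
    except struct.error:
        raise ValueError("truncated shell link") from None
    return ""

def triage(data: bytes) -> dict:
    """Measure what a reviewer cannot see at a glance in the arguments."""
    args = lnk_arguments(data)
    run = longest = 0
    for ch in args:               # longest run of whitespace/control chars
        run = run + 1 if ch.isspace() or ord(ch) < 0x20 else 0
        longest = max(longest, run)
    return {"length": len(args), "padding_run": longest, "visible": args.strip(),
            "review": len(args) > MAX_LEN or longest >= MAX_RUN}

def constructed_sample(args: str) -> bytes:
    """Header-only test blob (constructed; no target, not a usable shortcut)."""
    header = struct.pack("<I16sI", 0x4C, bytes(16), HAS_ARGS | IS_UNICODE)
    body = struct.pack("<H", len(args)) + args.encode("utf-16-le")
    return header.ljust(76, b"\0") + body

if __name__ == "__main__":
    print(triage(constructed_sample(" " * 300 + "example-arg")))
```

To check real files, pass the bytes of each .lnk (for example from mail attachments or user download folders) to `triage` and review any result where `review` is true.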
OPENCTI LABELS:
apt, espionage, lnk, windows, zero-day, vulnerability, shortcut, raspberry robin, data theft, command execution