Nation-state hackers exploit Windows zero-day vulnerability
A recently reported Windows zero-day vulnerability has been exploited by 11 nation-state attackers, including those from North Korea, Russia, and China. The flaw involves malicious shortcut files, known as .LNK files, which allow attackers to run harmful commands on users' systems. The vulnerability has been unpatched for eight years and is still being used in data theft and espionage campaigns.

The vulnerability, tracked as ZDI-CAN-25373, enables attackers to embed harmful code in .LNK files. When these files are opened, the malicious code executes without the user's knowledge. Researchers discovered around 1,000 malicious .LNK files, with 70% linked to nation-state actors. Almost half of these attacks were attributed to North Korean hackers, followed by those from Russia, Iran, and China. Government agencies and private firms, including financial organizations, have been the main targets.

Experts at Trend Micro's Zero Day Initiative (ZDI) expressed concern about Microsoft's lack of urgency in addressing the issue, and Dustin Childs of ZDI criticized Microsoft for not treating the vulnerability as a significant security threat. Microsoft acknowledged the situation but indicated that it does not meet its criteria for an immediate fix. The company did mention that it might be addressed in a future software release.