State-Sponsored Cyber Gangs Exploit .LNK Files: Microsoft Ignores Zero-Day Threat

Malicious .lnk files are the new Swiss Army knife for nation-state actors and cybercrime gangs, expertly wielded for espionage and data theft. Trend Micro’s ZDI unearthed 1,000 of these sneaky shortcuts, with North Korean groups leading the charge. Meanwhile, Microsoft remains blissfully unaware, leaving users to play a digital game of Minesweeper.

Hot Take:

Just when you thought you were safe from clicking on suspicious email attachments, along comes the sneaky .lnk file, proving that even the humble Windows shortcut can lead you down a path of cyber doom. Who knew that state-sponsored hackers would find their calling not in coding complex malware, but in creating the world’s most dangerous desktop icons? Microsoft, the ball’s in your court—time to patch things up!

Key Points:

  • 11 state-sponsored APT groups are exploiting .lnk files for espionage and data theft.
  • Trend Micro’s Zero Day Initiative (ZDI) uncovered 1,000 malicious .lnk files used in attacks.
  • Vulnerability ZDI-CAN-25373 is being exploited, with a significant focus on espionage.
  • Microsoft has been notified but has not addressed the zero-day vulnerability.
  • North Korean APTs use oversized .lnk files to evade detection.
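The key points above mention both the abuse of shortcut files and the use of oversized .lnk files to slip past detection. The following added example (not code from the article, from Trend Micro ZDI, or from Microsoft) shows how a defender can triage .lnk files offline: it parses the fixed ShellLinkHeader laid out in Microsoft's MS-SHLLINK specification, skips the optional LinkTargetIDList and LinkInfo structures, pulls out the StringData fields so the embedded command line can be reviewed, and flags shortcuts whose on-disk size is far beyond what a legitimate shortcut needs. The 64 KiB threshold and the sample shortcut built in memory are assumptions chosen for illustration.

```python
"""Defensive triage of Windows shortcut (.lnk) files.

Added example, not code from the article or from Trend Micro ZDI. It parses
the fixed ShellLinkHeader described in MS-SHLLINK, skips the optional
LinkTargetIDList and LinkInfo structures, reads the StringData section so
the embedded command-line arguments can be reviewed, and flags shortcuts
whose on-disk size is far beyond what a legitimate shortcut needs.
"""
import struct
from pathlib import Path

HEADER_SIZE = 0x4C
# LinkCLSID {00021401-0000-0000-C000-000000000046} in its on-disk byte order
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits (MS-SHLLINK 2.1.1) that decide which optional structures follow
HAS_LINK_TARGET_ID_LIST = 1 << 0
HAS_LINK_INFO = 1 << 1
HAS_NAME = 1 << 2
HAS_RELATIVE_PATH = 1 << 3
HAS_WORKING_DIR = 1 << 4
HAS_ARGUMENTS = 1 << 5
HAS_ICON_LOCATION = 1 << 6
IS_UNICODE = 1 << 7

# Assumption: threshold chosen for illustration; ordinary shortcuts are a few KB
OVERSIZED_BYTES = 64 * 1024

# StringData entries appear in this fixed order, each only if its flag is set
STRING_DATA_ORDER = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)


def _read_string(data, offset, unicode):
    """Read one StringData entry: CountCharacters (uint16) then the characters."""
    (count,) = struct.unpack_from("<H", data, offset)
    offset += 2
    width = 2 if unicode else 1
    raw = data[offset:offset + count * width]
    text = raw.decode("utf-16-le" if unicode else "latin-1", errors="replace")
    return text, offset + count * width


def parse_lnk(data):
    """Return header flags, size and StringData fields, or raise ValueError."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short to hold a ShellLinkHeader")
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("HeaderSize/LinkCLSID mismatch: not a shell link")
    unicode = bool(flags & IS_UNICODE)
    offset = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        (id_list_size,) = struct.unpack_from("<H", data, offset)
        offset += 2 + id_list_size
    if flags & HAS_LINK_INFO:
        (link_info_size,) = struct.unpack_from("<I", data, offset)
        offset += link_info_size
    info = {"flags": flags, "size": len(data)}
    for flag, name in STRING_DATA_ORDER:
        if flags & flag:
            info[name], offset = _read_string(data, offset, unicode)
    return info


def triage_lnk(data):
    """Return a list of findings an analyst should look at (empty = nothing odd)."""
    info = parse_lnk(data)
    findings = []
    if info["size"] > OVERSIZED_BYTES:
        findings.append(f"oversized shortcut: {info['size']} bytes")
    if info.get("arguments"):
        # Shortcuts that carry a command line deserve a human look
        findings.append(f"embedded command line: {info['arguments']!r}")
    return findings


def scan_directory(root):
    """Yield (path, findings) for every .lnk file under root."""
    for path in Path(root).rglob("*.lnk"):
        try:
            yield path, triage_lnk(path.read_bytes())
        except ValueError as exc:
            yield path, [f"unparseable: {exc}"]


def build_sample_lnk(relative_path, arguments, padding=0):
    """Constructed sample shortcut for offline testing (not a real-world file)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    # HeaderSize, LinkCLSID, LinkFlags, FileAttributes(NORMAL), 3 FILETIMEs,
    # FileSize, IconIndex, ShowCommand(SW_SHOWNORMAL), HotKey, 3 reserved fields
    header = struct.pack("<I16sIIQQQIIIHHII", HEADER_SIZE, LINK_CLSID, flags,
                         0x80, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                    for s in (relative_path, arguments))
    # TerminalBlock, then trailing bytes that simulate an oversized file
    return header + body + b"\x00" * 4 + b"\x00" * padding


if __name__ == "__main__":
    for path, findings in scan_directory("."):
        print(path, findings or "clean")
```

Run it in a directory of quarantined shortcuts to get a size and command-line listing per file; the header and CLSID check also catches files that merely carry a .lnk extension but are not shell links at all.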

The Nimble Nerd