Attacks leveraging a newly discovered Windows shortcut zero-day vulnerability have been conducted by almost a dozen state-sponsored threat operations, including Mustang Panda, Kimsuky, Evil Corp, and SideWinder, as part of their cyberespionage and financially motivated campaigns worldwide since 2017, reports BleepingComputer.
Organizations in the Americas, Europe, East Asia, and Australia have been the main targets of intrusions involving the flaw, tracked as ZDI-CAN-25373, which could be exploited to achieve arbitrary code execution on vulnerable Windows systems, according to an analysis from Trend Micro Zero Day Initiative researchers.
Malicious command-line arguments are being concealed in .LNK shortcut files to abuse the security bug, which stems from a User Interface Misrepresentation of Critical Information issue, researchers said.
"Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface," noted Trend Micro. "An attacker can leverage this vulnerability to execute code in the context of the current user."
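A defender's way to see the argument string that the shortcut's properties view would not show, as an added example that is not part of the article or of Trend Micro's or Microsoft's code: it walks the Shell Link header and StringData sections to pull out COMMAND_LINE_ARGUMENTS, then applies a padding heuristic that is an assumption here (the article does not say how the content is hidden); the sample .LNK bytes are constructed in the block.

```python
import struct
from typing import Optional

# LinkFlags bits from the Shell Link binary format (MS-SHLLINK).
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO, HAS_NAME = 0x01, 0x02, 0x04
HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS, IS_UNICODE = 0x08, 0x10, 0x20, 0x80

def lnk_arguments(data: bytes) -> Optional[str]:
    """Return the COMMAND_LINE_ARGUMENTS string stored in a .LNK file, or None."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C  # end of ShellLinkHeader
    if flags & HAS_LINK_TARGET_ID_LIST:  # IDListSize + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:  # LinkInfoSize counts itself
        pos += struct.unpack_from("<I", data, pos)[0]

    def read_string() -> str:  # StringData: CountCharacters then chars, no terminator
        nonlocal pos
        count = struct.unpack_from("<H", data, pos)[0]
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos + 2:pos + 2 + width * count]
        pos += 2 + width * count
        return raw.decode("utf-16-le" if width == 2 else "latin-1")

    # StringData sections precede the arguments in this fixed order.
    for flag in (HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR):
        if flags & flag:
            read_string()
    return read_string() if flags & HAS_ARGUMENTS else None

def suspicious_padding(args: str, max_run: int = 16) -> bool:
    """Heuristic (an assumption, not from the article): a long run of whitespace or
    control characters in the arguments is what would push content out of view."""
    run = 0
    for ch in args:
        run = run + 1 if (ch.isspace() or ord(ch) < 0x20) else 0
        if run >= max_run:
            return True
    return False

def build_sample_lnk(args: str) -> bytes:
    """Constructed test fixture: a minimal Unicode .LNK carrying only an argument string."""
    header = bytearray(0x4C)
    struct.pack_into("<I", header, 0, 0x4C)  # HeaderSize
    header[4:20] = bytes.fromhex("0114020000000000c000000000000046")  # LinkCLSID
    struct.pack_into("<I", header, 0x14, HAS_ARGUMENTS | IS_UNICODE)  # LinkFlags
    return bytes(header) + struct.pack("<H", len(args)) + args.encode("utf-16-le")
```

Run `lnk_arguments` over shortcuts from mail attachments or archives and compare the returned length with what the properties dialog shows; a large gap or a hit from `suspicious_padding` is worth a closer look.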
Microsoft has already acknowledged the vulnerability, and a fix is under consideration.