Intel Name: ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns – Part 2
Date of Scan: March 20, 2025
Impact: High
Summary: The team identified nearly 1,000 malicious .lnk files exploiting ZDI-CAN-25373, a vulnerability that enables attackers to execute hidden commands via crafted shortcuts. These attacks use concealed command-line arguments to deploy malicious payloads, making detection more challenging. The flaw has been exploited by state-sponsored APT groups from North Korea, Iran, Russia, and China. Affected sectors include government, finance, telecom, military, and energy across multiple continents.