Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017

An unpatched security vulnerability in Microsoft Windows, tracked as ZDI-CAN-25373, has been actively exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia since 2017. The flaw lets attackers hide the malicious commands executed by specially crafted Windows Shortcut (.LNK) files, which complicates detection. Notably, nearly half of the identified threat actors originate from North Korea, indicating possible collaboration among Pyongyang's cyber units. Targets include governments, financial institutions, think tanks, telecom providers, and defense agencies in countries such as the United States, Canada, South Korea, Vietnam, and Brazil. Despite the breadth of this exploitation, Microsoft has classified the issue as low severity and does not plan to release a fix.