VERY IMPORTANT

A Windows .lnk file vulnerability, ZDI-CAN-25373, has been extensively exploited by state-sponsored and cybercriminal groups. The vulnerability allows hidden command execution through crafted shortcut files, exposing organizations to data theft and cyber espionage risks. Nearly 1,000 malicious .lnk files abusing this vulnerability have been identified, with APT groups from North Korea, Iran, Russia, and China involved in the attacks. Targeted sectors include government, finance, telecommunications, military, and energy across North America, Europe, Asia, South America, and Australia. The exploitation leverages hidden command line arguments within .lnk files, complicating detection. Organizations are urged to implement security measures and maintain vigilance against suspicious .lnk files.