Summary: Multiple state-sponsored hacking groups have been exploiting a Windows vulnerability tracked as ZDI-CAN-25373 for cyber espionage and data theft since 2017. Although nearly a thousand exploit samples have been identified, Microsoft has determined that the issue does not warrant an immediate security update. Researchers report that the vulnerability lets attackers execute arbitrary code on affected systems while the malicious activity stays hidden from the user.
Affected: Microsoft Windows systems
Key points:
- State-sponsored groups from countries such as North Korea, Iran, Russia, and China have utilized the vulnerability for data theft and espionage.
- The vulnerability is a user-interface misrepresentation flaw: malicious command-line arguments can be hidden inside shortcut files so that the user never sees them.
- Roughly 70% of the observed attacks aim at espionage and information theft; financially motivated attacks account for only about 20%.
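Defenders triaging shortcut files want to see the argument string that the Windows Properties dialog hides. The script below is an added example, not code from the original report or from any vendor: it parses the public MS-SHLLINK binary layout to pull the COMMAND_LINE_ARGUMENTS string out of a .lnk blob and flags arguments that begin with a long run of whitespace, which is the assumption this example makes about how the arguments are hidden. The `min_padding` threshold of 50 characters and the in-memory `build_sample_lnk` fixture are constructed for the demonstration.

```python
"""
Triage helper for Windows shortcut (.lnk) files: extract COMMAND_LINE_ARGUMENTS
and flag arguments padded with leading whitespace that a Properties dialog
would render as empty space. Layout follows the public MS-SHLLINK specification;
the sample shortcuts in main() are constructed in memory for this example.
"""
import struct

HEADER_SIZE = 76  # fixed size of ShellLinkHeader

# LinkFlags bits that decide which optional structures follow the header
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# Whitespace that the shell dialog shows as nothing (assumed hiding mechanism)
PADDING_CHARS = " \t\n\v\f\r"


def _read_string(data, offset, unicode):
    """Read one StringData entry: 2-byte character count, then the characters."""
    (count,) = struct.unpack_from("<H", data, offset)
    offset += 2
    if unicode:
        raw = data[offset:offset + count * 2]
        return raw.decode("utf-16-le"), offset + count * 2
    raw = data[offset:offset + count]
    return raw.decode("latin-1"), offset + count


def extract_arguments(data):
    """Return the COMMAND_LINE_ARGUMENTS string of a .lnk blob, or '' if absent."""
    if len(data) < HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE:
        raise ValueError("not a Shell Link file")
    (flags,) = struct.unpack_from("<I", data, 20)  # LinkFlags follows HeaderSize + LinkCLSID
    offset = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:
        (id_list_size,) = struct.unpack_from("<H", data, offset)
        offset += 2 + id_list_size
    if flags & HAS_LINK_INFO:
        (link_info_size,) = struct.unpack_from("<I", data, offset)
        offset += link_info_size  # size field counts itself
    unicode = bool(flags & IS_UNICODE)
    args = ""
    # StringData entries appear in this fixed order, each only if its flag is set
    for flag in (HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION):
        if flags & flag:
            value, offset = _read_string(data, offset, unicode)
            if flag == HAS_ARGUMENTS:
                args = value
    return args


def assess_arguments(args, min_padding=50):
    """Flag an argument string whose real content sits behind a run of whitespace."""
    leading = len(args) - len(args.lstrip(PADDING_CHARS))
    hidden = args.strip(PADDING_CHARS)
    suspicious = leading >= min_padding and bool(hidden)
    return {"padding": leading, "hidden_command": hidden, "suspicious": suspicious}


def build_sample_lnk(args):
    """Constructed fixture: a minimal Unicode shortcut carrying only an argument string."""
    link_clsid = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
    header = struct.pack("<I", HEADER_SIZE) + link_clsid + struct.pack("<I", HAS_ARGUMENTS | IS_UNICODE)
    header += b"\x00" * (HEADER_SIZE - len(header))  # attributes, timestamps, size, icon, show, hotkey, reserved
    return header + struct.pack("<H", len(args)) + args.encode("utf-16-le")


if __name__ == "__main__":
    benign = build_sample_lnk("/c dir")
    padded = build_sample_lnk(" " * 200 + "notepad.exe")  # constructed, benign target
    for blob in (benign, padded):
        print(assess_arguments(extract_arguments(blob)))
```

Run it over real shortcuts by reading the file bytes and passing them to `extract_arguments`; anything reported as suspicious deserves a look at the target path and the de-padded command before the shortcut is allowed to run.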