Trend Micro Uncovers Critical Windows Shortcut Vulnerability Exploited by State-Sponsored Hackers

  • March 20, 2025
Trend Micro’s Zero Day Initiative (ZDI) has identified a critical vulnerability in Microsoft Windows, labeled ZDI-CAN-25373, which is actively being exploited by state-sponsored Advanced Persistent Threat (APT) groups from North Korea, Iran, Russia, and China. This flaw, which has already impacted multiple countries, including Pakistan, poses a severe cybersecurity risk, particularly for government agencies, financial institutions, telecommunications companies, military facilities, and energy providers. Attackers are exploiting the vulnerability through maliciously crafted Windows shortcut (.lnk) files that allow them to secretly execute commands on a victim’s system. Because these shortcut files appear normal, they can evade traditional security mechanisms, enabling unauthorized access, data theft, and covert espionage operations.

Despite the widespread threat, Microsoft has stated that it does not plan to release an official patch, leaving businesses and organizations worldwide in a highly vulnerable position. The scale of the exploitation is alarming, with Trend Micro detecting nearly 1,000 malicious .lnk files in active use. Given Microsoft’s inaction, cybersecurity experts are warning that organizations relying on vendor-supported patches must adopt independent security strategies to protect themselves.

The exploitation of this vulnerability highlights the growing threat of state-backed cyberattacks. APT groups from North Korea, Iran, Russia, and China have been using this flaw to target critical sectors across the globe. The level of coordination and sophistication behind these attacks suggests a well-organized effort to compromise sensitive information and disrupt key infrastructures. With Microsoft declining to address the vulnerability through a security update, the burden of mitigation falls entirely on businesses and government entities, making the need for advanced cybersecurity measures more urgent than ever.

Security experts strongly recommend that organizations take immediate action by scanning for malicious .lnk files, strengthening endpoint and network security, and deploying real-time threat intelligence tools to detect early indicators of compromise. Since attackers often disguise their activities using command-line tools like cmd.exe or PowerShell, continuous system monitoring is essential to identifying and blocking unauthorized activity. Companies and agencies must also shift toward an “assume breach” mindset, proactively hunting for signs of infiltration rather than relying solely on reactive security measures.
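The recommendation above to scan for malicious .lnk files is easier to act on with a parser that exposes the fields a shortcut hides from the Explorer UI. The following is an added example written for this page, not code from Trend Micro or the ZDI report: a minimal reader for the MS-SHLLINK binary format that extracts the COMMAND_LINE_ARGUMENTS and relative path strings and applies triage heuristics. The heuristics are assumptions for illustration: a reference to cmd.exe or PowerShell (the two interpreters the article names), an unusually long argument string, and a long run of whitespace inside the arguments, which is a way to push the real command out of the visible portion of a shortcut's Properties dialog. The two sample shortcuts are constructed in memory so the script runs offline; they are not files from the campaign.

```python
"""Minimal .lnk (MS-SHLLINK) parser for defensive triage of shortcut arguments.

Added example for this article; not the vendor's detection logic. Parses only
the header, skips the optional ID list / LinkInfo blocks, and reads the
StringData fields so the arguments a shortcut would pass can be inspected.
"""
from __future__ import annotations

import re
import struct
from dataclasses import dataclass, field

# LinkCLSID {00021401-0000-0000-C000-000000000046} as stored on disk.
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

# LinkFlags bits from MS-SHLLINK section 2.1.1.
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# Triage heuristics (assumptions for this example, tune for your environment).
SHELL_INTERPRETERS = re.compile(r"cmd\.exe|powershell", re.IGNORECASE)
PADDING_RUN = re.compile(r"\s{16,}")      # long whitespace run inside arguments
MAX_REASONABLE_ARGS = 256                  # longer than most legitimate shortcuts


@dataclass
class LnkInfo:
    name: str | None
    relative_path: str | None
    working_dir: str | None
    arguments: str | None
    icon_location: str | None
    findings: list[str] = field(default_factory=list)


def _read_string(buf: bytes, pos: int, unicode: bool) -> tuple[str, int]:
    """StringData item: 2-byte character count followed by the characters (no terminator)."""
    (count,) = struct.unpack_from("<H", buf, pos)
    pos += 2
    if unicode:
        raw = buf[pos:pos + count * 2]
        return raw.decode("utf-16-le", errors="replace"), pos + count * 2
    raw = buf[pos:pos + count]
    return raw.decode("cp1252", errors="replace"), pos + count


def _triage(info: LnkInfo) -> list[str]:
    findings = []
    for label, value in (("relative_path", info.relative_path), ("arguments", info.arguments)):
        if value and SHELL_INTERPRETERS.search(value):
            findings.append(f"{label} references a shell interpreter")
    args = info.arguments or ""
    if PADDING_RUN.search(args):
        findings.append("arguments contain a long whitespace run (possible padding to hide the command)")
    if len(args) > MAX_REASONABLE_ARGS:
        findings.append(f"arguments are unusually long ({len(args)} characters)")
    return findings


def parse_lnk(buf: bytes) -> LnkInfo:
    """Parse a ShellLink blob and return its string fields plus triage findings."""
    if len(buf) < 0x4C or struct.unpack_from("<I", buf, 0)[0] != 0x4C or buf[4:20] != LINK_CLSID:
        raise ValueError("not a ShellLink (.lnk) file")
    (flags,) = struct.unpack_from("<I", buf, 20)
    pos = 0x4C                                     # end of the fixed 76-byte header
    if flags & HAS_LINK_TARGET_ID_LIST:            # IDListSize excludes its own 2 bytes
        (id_list_size,) = struct.unpack_from("<H", buf, pos)
        pos += 2 + id_list_size
    if flags & HAS_LINK_INFO:                      # LinkInfoSize includes itself
        (link_info_size,) = struct.unpack_from("<I", buf, pos)
        pos += link_info_size
    unicode = bool(flags & IS_UNICODE)
    fields = {}
    for flag, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                      (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                      (HAS_ICON_LOCATION, "icon_location")):
        if flags & flag:
            fields[key], pos = _read_string(buf, pos, unicode)
        else:
            fields[key] = None
    info = LnkInfo(**fields)
    info.findings = _triage(info)
    return info


def scan_file(path: str) -> LnkInfo:
    with open(path, "rb") as fh:
        return parse_lnk(fh.read())


def build_lnk(arguments: str, relative_path: str = "..\\..\\Windows\\System32\\cmd.exe") -> bytes:
    """Construct a minimal Unicode .lnk blob (sample data for the example only)."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    header = struct.pack("<I16sIIQQQIIIHHII", 0x4C, LINK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    body = b""
    for s in (relative_path, arguments):
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


# Constructed samples: a benign shortcut and one whose arguments are padded.
SAMPLE_BENIGN = build_lnk("readme.txt", relative_path="..\\Windows\\notepad.exe")
SAMPLE_SUSPICIOUS = build_lnk(" " * 300 + "/c powershell -NoProfile -Command Get-Date")

if __name__ == "__main__":
    for label, blob in (("benign", SAMPLE_BENIGN), ("suspicious", SAMPLE_SUSPICIOUS)):
        info = parse_lnk(blob)
        print(f"{label}: path={info.relative_path!r} args={info.arguments.strip()[:40]!r}")
        for f in info.findings:
            print("  -", f)
```

Running the script prints no findings for the benign shortcut and four for the padded one. In practice, feed `scan_file` every .lnk found in user-writable locations and mail attachments, and treat a padding or interpreter finding as a lead for the process-creation monitoring the article recommends, not as a verdict on its own.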

To help organizations defend against this threat, Trend Micro has rolled out specialized protections through its security solutions. Trend Vision One™ – Network Security includes Rule 44844 to detect and block the vulnerability, while Trend Vision One™ – Endpoint Security incorporates Rules 5351, 1012182, and 1012183 to provide targeted detection of attacks executed via HTTP and SMB protocols. These defenses offer an immediate layer of protection for businesses seeking to mitigate the risk associated with ZDI-CAN-25373.

The widespread exploitation of this vulnerability also underscores the critical need for real-time threat monitoring and rapid response capabilities. Periodic cybersecurity scans are no longer sufficient against modern cyber threats, which evolve rapidly and exploit even minor security gaps. Businesses and government agencies must invest in proactive security frameworks that integrate automated detection tools, continuous monitoring, and intelligence-driven response mechanisms to effectively safeguard their digital assets.

One of the most alarming aspects of this vulnerability is that it has been actively exploited since 2017, yet Microsoft has not provided a security patch. This raises significant concerns about the cybersecurity industry’s ability to address emerging threats in a timely manner. Organizations must prioritize real-time threat detection, security intelligence integration, and preemptive mitigation strategies to defend against increasingly sophisticated cyberattacks.

To assist businesses and IT security teams in dealing with this vulnerability, Trend Micro has published a detailed technical report along with a list of Indicators of Compromise (IOCs) to help organizations strengthen their defenses. The research was conducted by cybersecurity experts Peter Girnus and Aliakbar Zahravi, further emphasizing the credibility and urgency of the findings. As cyber threats continue to escalate, organizations must act swiftly to implement adaptive and comprehensive security frameworks. Addressing these vulnerabilities today is crucial to preventing major data breaches and operational disruptions in the future.
