CW Pakistan
  • Legacy
    • Legacy Editorial
    • Editor’s Note
  • Academy
  • Wired
  • Cellcos
  • PayTech
  • Business
  • Ignite
  • Digital Pakistan
  • DFDI
  • PSEB
  • PASHA
  • TechAdvisor
  • GamePro
  • Partnerships
  • PCWorld
  • Macworld
  • Infoworld
  • TechHive
  • TechAdvisor
0
0
0
0
0
Subscribe
CW Pakistan
CW Pakistan CW Pakistan
  • Legacy
    • Legacy Editorial
    • Editor’s Note
  • Academy
  • Wired
  • Cellcos
  • PayTech
  • Business
  • Ignite
  • Digital Pakistan
  • DFDI
  • PSEB
  • PASHA
  • TechAdvisor
  • GamePro
  • Partnerships
  • Business

Trend Micro Uncovers Critical Windows Shortcut Vulnerability Exploited by State-Sponsored Hackers

  • March 20, 2025
Total
0
Shares
0
0
0
Share
Tweet
Share
Share
Share
Share

Trend Micro’s Zero Day Initiative (ZDI) has identified a critical vulnerability in Microsoft Windows, labeled ZDI-CAN-25373, which is actively being exploited by state-sponsored Advanced Persistent Threat (APT) groups from North Korea, Iran, Russia, and China. This flaw, which has already impacted multiple countries, including Pakistan, poses a severe cybersecurity risk, particularly for government agencies, financial institutions, telecommunications companies, military facilities, and energy providers. Attackers are exploiting the vulnerability through maliciously crafted Windows shortcut (.lnk) files that allow them to secretly execute commands on a victim’s system. Because these shortcut files appear normal, they can evade traditional security mechanisms, enabling unauthorized access, data theft, and covert espionage operations.

Despite the widespread threat, Microsoft has stated that it does not plan to release an official patch, leaving businesses and organizations worldwide in a highly vulnerable position. The scale of the exploitation is alarming, with Trend Micro detecting nearly 1,000 malicious .lnk files in active use. Given Microsoft’s inaction, cybersecurity experts are warning that organizations relying on vendor-supported patches must adopt independent security strategies to protect themselves.

The exploitation of this vulnerability highlights the growing threat of state-backed cyberattacks. APT groups from North Korea, Iran, Russia, and China have been using this flaw to target critical sectors across the globe. The level of coordination and sophistication behind these attacks suggests a well-organized effort to compromise sensitive information and disrupt key infrastructures. With Microsoft declining to address the vulnerability through a security update, the burden of mitigation falls entirely on businesses and government entities, making the need for advanced cybersecurity measures more urgent than ever.

Security experts strongly recommend that organizations take immediate action by scanning for malicious .lnk files, strengthening endpoint and network security, and deploying real-time threat intelligence tools to detect early indicators of compromise. Since attackers often disguise their activities using command-line tools like cmd.exe or PowerShell, continuous system monitoring is essential to identifying and blocking unauthorized activity. Companies and agencies must also shift toward an “assume breach” mindset, proactively hunting for signs of infiltration rather than relying solely on reactive security measures.

To help organizations defend against this threat, Trend Micro has rolled out specialized protections through its security solutions. Trend Vision One™ – Network Security includes Rule 44844 to detect and block the vulnerability, while Trend Vision One™ – Endpoint Security incorporates Rules 5351, 1012182, and 1012183 to provide targeted detection of attacks executed via HTTP and SMB protocols. These defenses offer an immediate layer of protection for businesses seeking to mitigate the risk associated with ZDI-CAN-25373.

The widespread exploitation of this vulnerability also underscores the critical need for real-time threat monitoring and rapid response capabilities. Periodic cybersecurity scans are no longer sufficient against modern cyber threats, which evolve rapidly and exploit even minor security gaps. Businesses and government agencies must invest in proactive security frameworks that integrate automated detection tools, continuous monitoring, and intelligence-driven response mechanisms to effectively safeguard their digital assets.

One of the most alarming aspects of this vulnerability is that it has been actively exploited since 2017, yet Microsoft has not provided a security patch. This raises significant concerns about the cybersecurity industry’s ability to address emerging threats in a timely manner. Organizations must prioritize real-time threat detection, security intelligence integration, and preemptive mitigation strategies to defend against increasingly sophisticated cyberattacks.

To assist businesses and IT security teams in dealing with this vulnerability, Trend Micro has published a detailed technical report along with a list of Indicators of Compromise (IOCs) to help organizations strengthen their defenses. The research was conducted by cybersecurity experts Peter Girnus and Aliakbar Zahravi, further emphasizing the credibility and urgency of the findings. As cyber threats continue to escalate, organizations must act swiftly to implement adaptive and comprehensive security frameworks. Addressing these vulnerabilities today is crucial to preventing major data breaches and operational disruptions in the future.

Share
Tweet
Share
Share
Share
Previous Article
  • Business

Zong 4G Launches SecureTeen to Enhance Online Safety for Children

  • March 20, 2025
Read More
Next Article
  • Wired

Thunder Energy & TalkPool Partner to Revolutionize AI-Powered Telecom Energy

  • March 21, 2025
Read More
You May Also Like
Read More
  • Business

Skywell Group to Build EV Assembly Plant in Punjab SEZ Under New Pakistan-China MoU

  • Press Desk
  • June 19, 2025
Read More
  • Business

S&P Global Completes 20 Years in Pakistan, Reaffirms Commitment to Innovation and Empowerment

  • Press Desk
  • June 19, 2025
Read More
  • Business

Aga Khan University Panel to Explore Supply Chain 5.0 and Sustainability on June 20

  • Press Desk
  • June 19, 2025
Read More
  • Business

Careem Halts Ride-Hailing in Pakistan Amid Competition and Economic Pressures

  • Press Desk
  • June 18, 2025
Read More
  • Business

Govt Limits FBR Arrest Authority, Adjusts Cash-on-Delivery Tax Policy

  • Press Desk
  • June 17, 2025
Read More
  • Business

Muhammad Saad Khan Appointed GAFAI Global AI Delegate for Saudi Arabia

  • Press Desk
  • June 15, 2025
Read More
  • Business

Pakistan, China Sign Five-Year Agreement for Technology Transfer and Skilled Labour Training

  • Press Desk
  • June 10, 2025
Read More
  • Business

10Pearls Secures Spot on CRN’s 2025 Solution Provider 500 List for Continued Digital Innovation

  • Press Desk
  • June 7, 2025
Trending Posts
  • Pakistan Showcases IT Investment Opportunities at Concluding US Tech Conference 2025
    • June 21, 2025
  • KPITB Launches Automated Fine Collection System for Greater Transparency Across KP
    • June 21, 2025
  • Alliance Tech Summit 2025 to Spotlight Pakistan’s Position in Global Tech and FDI
    • June 21, 2025
  • E-Commerce Associations Urge Government to Rethink Tax Measures in Finance Bill 2025-26
    • June 21, 2025
  • Sindh Digitizes Hospital and Clinic Licensing via SHCC and SBOSS Collaboration
    • June 20, 2025
about
CWPK Legacy
Launched in 1967 internationally, ComputerWorld is the oldest tech magazine/media property in the world. In Pakistan, ComputerWorld was launched in 1995. Initially providing news to IT executives only, once CIO Pakistan, its sister brand from the same family, was launched and took over the enterprise reporting domain in Pakistan, CWPK has emerged as a holistic technology media platform reporting everything tech in the country. It remains the oldest continuous IT publishing brand in the country and in 2025 is set to turn 30 years old, which will be its biggest benchmark and a legacy it hopes to continue for years to come. CWPK is part of the SPIN/IDG Wakhan media umbrella.
Read more
Explore Computerworld Sites Globally
  • computerworld.es
  • computerworld.com.pt
  • computerworld.com
  • cw.no
  • computerworldmexico.com.mx
  • computerwoche.de
  • computersweden.idg.se
  • computerworld.hu
Content from other IDG brands
  • PCWorld
  • Macworld
  • Infoworld
  • TechHive
  • TechAdvisor
CW Pakistan CW Pakistan
  • CWPK
  • CXO
  • DEMO
  • WALLET

CW Media & all its sub-brands are copyrighted to SPIN-IDG Wakhan Media Inc., the publishing arm of NCC-RP Group. This site is designed by Crunch Collective. ©️1995-2025. Read Privacy Policy.

Input your search keywords and press Enter.