NG Solution Team

Is a Windows LNK vulnerability putting European diplomats at risk?

At the end of August, a zero-day vulnerability in how Windows displays LNK files was discovered, but Microsoft has not deemed it highly risky and has no plans for a fix. However, the IT security firm Arctic Wolf has reported that UNC6384, a cyber group linked to China, has exploited this vulnerability to conduct espionage against European diplomats in several countries, including Belgium, Italy, and Hungary. The campaign, which took place in September and October, used spearphishing emails that led to the delivery of malicious LNK files, which ultimately installed the PlugX remote access trojan through DLL side-loading.

Arctic Wolf suggests blocking .lnk files from untrusted sources and disabling automatic resolution in Windows Explorer to mitigate the risk. Indicators of compromise include specific URLs and the presence of Canon printer helper utilities in unusual directories. This ongoing exploitation might prompt Microsoft to reassess the threat level and address the security gap.
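
One way to hunt for the "Canon printer helper utilities in unusual directories" indicator is sketched below. This is an added example, not code from Arctic Wolf or from this article. The article names no file, so the search roots, the `Find-MisplacedCanonBinary` function name, and matching on the executable's embedded version-info strings are all assumptions.

```powershell
# Added example: list Canon-branded executables that sit in user-writable
# locations, together with any DLLs beside them that lack a valid signature
# (the files a DLL side-loading chain would load).
# Assumptions (not from the article): the search roots and the "Canon"
# version-info match used to recognise the utility.

function Find-MisplacedCanonBinary {
    [CmdletBinding()]
    param(
        # Locations where a printer utility has no normal reason to be installed.
        [string[]]$SearchRoot = @($env:LOCALAPPDATA, $env:APPDATA, $env:TEMP,
                                  $env:PUBLIC, $env:ProgramData)
    )

    $roots = $SearchRoot | Where-Object { $_ -and (Test-Path -LiteralPath $_) }
    foreach ($root in $roots) {
        Get-ChildItem -LiteralPath $root -Filter *.exe -File -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object {
                $_.VersionInfo.CompanyName -match 'Canon' -or
                $_.VersionInfo.ProductName -match 'Canon'
            } |
            ForEach-Object {
                $exe  = $_
                $dlls = Get-ChildItem -LiteralPath $exe.DirectoryName -Filter *.dll -File -Force -ErrorAction SilentlyContinue
                # A signed host executable next to DLLs without a valid signature
                # is the pattern worth triaging first.
                $notValid = @($dlls | Where-Object {
                    (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status -ne 'Valid'
                })
                [pscustomobject]@{
                    Executable          = $exe.FullName
                    Company             = $exe.VersionInfo.CompanyName
                    ExeSignature        = (Get-AuthenticodeSignature -LiteralPath $exe.FullName).Status
                    LastWrite           = $exe.LastWriteTime
                    DllsWithoutValidSig = ($notValid.Name -join ', ')
                }
            }
    }
}

Find-MisplacedCanonBinary | Sort-Object LastWrite -Descending | Format-List
```

Hits are leads for triage, not verdicts: legitimate Canon software can place files under `ProgramData`, so compare results against the host's installed printer software.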
