New Windows zero-day feared abused in widespread espionage for years
Microsoft had not responded to requests for comment by the time this article was published.
North Korea, Iran, Russia among top abusers
ZDI reports widespread abuse of the vulnerability by multiple APT groups, including state-sponsored actors like Evil Corp, Kimsuky (APT43), Earth Imp (Konni), Earth Anasi (Bitter), and Earth Manticore.
“Our analysis revealed that 11 state-sponsored groups from North Korea, Iran, Russia, and China have employed ZDI-CAN-25373 in operations primarily motivated by cyber espionage and data theft,” the ZDI team added. ZDI identified large-scale instances of the exploit across a variety of campaigns dating back to 2017.