Israeli threat intelligence firm ClearSky Cyber Security has revealed that a Chinese Advanced Persistent Threat (APT) group named Mustang Panda is exploiting a new Windows vulnerability. The company has shared some technical details on X, suggesting the vulnerability was exploited as a zero-day before Microsoft assigned a CVE number.
ClearSky described the issue as a ‘UI vulnerability’ and found evidence of exploitation by Mustang Panda. When compressed files are extracted from RAR archives in Windows Explorer, the extracted files can appear empty or ‘invisible’. Threat actors can also execute these files from a command-line prompt.
Microsoft’s latest Patch Tuesday updates addressed over 50 vulnerabilities, including two zero-day issues. ClearSky has acknowledged that Microsoft is aware of the flaw but has classified it as ‘low severity’. SecurityWeek will update this article if Microsoft provides further comment.
Source: https://www.securityweek.com/new-windows-zero-day-exploited-by-chinese-apt-security-firm