New Windows Zero-Day Exploited by Chinese APT: Security Firm

Brownie2019 (Thread author)
Mar 9, 2019
Israeli threat intelligence firm ClearSky Cyber Security on Thursday revealed that it has seen an APT linked to China exploiting a new Windows vulnerability.

ClearSky has promised to share additional details in an upcoming blog post, but its post on X suggests that the Windows vulnerability has been exploited as a zero-day: no CVE appears to have been assigned to it yet.
The company said Microsoft is aware of the flaw, but classified it as ‘low severity’.
ClearSky described the issue as a ‘UI vulnerability’ and found evidence of exploitation by the notorious Chinese APT named Mustang Panda.
The security firm has shared some technical details on X:
“When files are extracted from compressed ‘RAR’ files they are hidden from the user. If the compressed files are extracted into a folder, the folder appears empty in the Windows Explorer GUI.
When using the ‘dir’ command to list all files and folders inside the target folder, the extracted files and folders are ‘invisible/hidden’ to the user. Threat actors or users can also execute those compressed files from a command line prompt, if they know the exact path.
As a result of executing ‘attrib -s -h’ to system protected files, an unknown file type is created from the type ‘Unknown’ ActiveX component.”
SecurityWeek has reached out to Microsoft for comment and will update this article if the tech giant responds.
Microsoft’s latest round of Patch Tuesday updates addresses over 50 vulnerabilities, including two that have been exploited as zero-days: CVE-2025-21391, a Windows Storage privilege escalation flaw that can be abused to delete files from a system, and CVE-2025-21418, a Windows Ancillary Function Driver (AFD.sys) flaw that can be leveraged to escalate privileges to SYSTEM. Neither is the bug ClearSky reported, which has no CVE identifier yet.
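ClearSky has not yet published the mechanism behind the "invisible" extracted files, but the quoted description (an empty-looking folder in Explorer, nothing from a plain `dir`, files still executable by exact path, and `attrib -s -h` as the cleanup) matches how Windows treats entries carrying both the System and Hidden attributes: Explorer omits them while "Hide protected operating system files" is on (the default), and `dir` omits them unless `/a` is given. The following check, added here as an example and not code from the SecurityWeek article, ClearSky or MalwareTips, compares what a user would see in an extraction folder with what is actually on disk and lists the entries concealed by that attribute pair. The path `C:\Users\Public\extracted` is a placeholder; the assumption that the files are hidden by attributes rather than by some other mechanism is the reporter's own and is noted in the code.

```powershell
# Added example; not code from the SecurityWeek article, ClearSky, or MalwareTips.
# Assumption: the extracted files are concealed by the System+Hidden attribute pair.
# Explorer hides such entries while "Hide protected operating system files" is on
# (the default), and a plain `dir` omits them unless /a is supplied.

function Find-HiddenSystemEntries {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # Extensions worth a second look when found hidden inside an archive drop.
    $executableExt = @('.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.ps1', '.vbs', '.js', '.lnk')

    # What the user sees: the default listing honours the Hidden and System attributes.
    $visible = @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue)

    # What is on disk: -Force also returns Hidden and System entries.
    $all = @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    # Keep only entries that carry BOTH attributes (the "protected OS file" combination).
    $concealed = $all | Where-Object {
        (($_.Attributes -band [System.IO.FileAttributes]::Hidden) -ne 0) -and
        (($_.Attributes -band [System.IO.FileAttributes]::System) -ne 0)
    }

    [pscustomobject]@{
        Path         = $Path
        VisibleCount = $visible.Count
        ActualCount  = $all.Count
        Concealed    = @($concealed | ForEach-Object {
            [pscustomobject]@{
                FullName   = $_.FullName
                Attributes = $_.Attributes.ToString()
                Executable = $executableExt -contains $_.Extension.ToLower()
                LastWrite  = $_.LastWriteTime
            }
        })
    }
}

# Usage: point it at the folder the archive was extracted into (placeholder path).
$report = Find-HiddenSystemEntries -Path 'C:\Users\Public\extracted'
'{0}: {1} visible, {2} on disk, {3} System+Hidden' -f $report.Path, $report.VisibleCount, $report.ActualCount, $report.Concealed.Count
$report.Concealed | Format-Table -AutoSize

# To make the entries visible again in Explorer and dir (the cleanup the quote mentions):
# attrib -s -h "C:\Users\Public\extracted\*" /s /d
```

From a plain command prompt the same comparison is `dir` versus `dir /a`, and `dir /a:hs /s` lists only the entries with both attributes set. The check is limited to the attribute-based hiding the quote describes; if ClearSky's forthcoming write-up shows the files are concealed by some other means, an unforced and forced listing will agree and this script will report nothing.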