Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day | CyberScoop<\/title> <meta name=\"description\" content=\"Cybercriminals working on behalf of nation-states are actively exploiting a zero-day vulnerability in Microsoft Windows to commit espionage.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-windows-zero-day-exploits-nation-states\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day\"> <meta property=\"og:description\" content=\"Cybercriminals working on behalf of nation-states are actively exploiting a zero-day vulnerability in Microsoft Windows to commit espionage.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-windows-zero-day-exploits-nation-states\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2025-03-20T14:07:40+00:00\"> <meta property=\"article:modified_time\" content=\"2025-03-20T14:07:57+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/nation-state-groups-hit-hundreds-of-organizations-with-microsoft-windows-zero-day-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1739294329g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1740508126g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1740691656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=a815169637cf454b7376\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/83931\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=83931\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-windows-zero-day-exploits-nation-states%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-windows-zero-day-exploits-nation-states%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-83931 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/microsoft-windows-zero-day-exploits-nation-states\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"5.12\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Nominations can be submitted for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.105263157895\">\n<div class=\"single-article__header-content\" readability=\"31.10472972973\">\n<p> Trend Micro researchers discovered and reported the eight-year-old defect to Microsoft six months ago. The company hasn\u2019t made any commitments to patch or remediate the issue. <\/p>\n<p>   <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/nation-state-groups-hit-hundreds-of-organizations-with-microsoft-windows-zero-day.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt=\"Microsoft\" decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/nation-state-groups-hit-hundreds-of-organizations-with-microsoft-windows-zero-day-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/nation-state-groups-hit-hundreds-of-organizations-with-microsoft-windows-zero-day-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/nation-state-groups-hit-hundreds-of-organizations-with-microsoft-windows-zero-day-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/nation-state-groups-hit-hundreds-of-organizations-with-microsoft-windows-zero-day-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/nation-state-groups-hit-hundreds-of-organizations-with-microsoft-windows-zero-day-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/nation-state-groups-hit-hundreds-of-organizations-with-microsoft-windows-zero-day-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/nation-state-groups-hit-hundreds-of-organizations-with-microsoft-windows-zero-day-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/nation-state-groups-hit-hundreds-of-organizations-with-microsoft-windows-zero-day-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/nation-state-groups-hit-hundreds-of-organizations-with-microsoft-windows-zero-day-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/nation-state-groups-hit-hundreds-of-organizations-with-microsoft-windows-zero-day-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> (Jeenah Moon\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"79.840427026268\"><body readability=\"164.23974181651\"><\/p>\n<p>Cybercriminals working on behalf of at least six nation-states are actively exploiting a zero-day vulnerability in Microsoft Windows to commit espionage, steal data and cryptocurrency, according to Trend Micro researchers.<\/p>\n<p>The vulnerability, which <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/25\/c\/windows-shortcut-zero-day-exploit.html\">Trend Micro tracks as ZDI-CAN-25373<\/a>, allows attackers to execute hidden malicious commands due to the way Windows displays the contents of shortcut .lnk files, also known as shell link files, researchers said in a report released Tuesday. A CVE has not been assigned to the vulnerability and Microsoft hasn\u2019t made any commitments to patch or remediate the issue. <\/p>\n<p>State-sponsored groups have been exploiting the zero-day since 2017, largely targeting governments, but also think tanks and organizations in the finance, cryptocurrency, telecom, military and energy sectors, according to researchers. Trend Micro discovered and reported the defect to Microsoft in September.<\/p>\n<p>\u201cWe know of at least 300 different organizations that have been affected by this,\u201d said Dustin Childs, head of threat awareness at Trend Micro\u2019s Zero Day Initiative. Thousands of devices, including several within the same targeted organizations, have been infected with malware delivered via ZDI-CAN-25373 exploits, he said. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThe exploits are ongoing with most activity coming out of the North Korean groups, APT43 and APT37. We\u2019re getting new and live samples every day,\u201d Childs said. The total number of attacks linked to the zero-day vulnerability are likely two-to-three times the amount observed by Trend Micro.<\/p>\n<p>Nearly half of the attacks attributed to nation-state groups are linked to North Korean state-sponsored attackers, according to Trend Micro\u2019s research. \u201cWhenever we see activity out of North Korea, it tends to be financially motivated and crypto,\u201d Childs said. \u201cIt\u2019s almost like their gross domestic product is ransomware.\u201d<\/p>\n<p>State-backed groups from Iran, Russia and China are each linked to roughly 1 in 5 attacks observed by researchers to date. Trend Micro has also attributed attacks to groups working on behalf of India, Pakistan and financially motivated cybercriminals.<\/p>\n<p>\u201cAs a security best practice, we encourage customers to exercise caution when downloading files from unknown sources as indicated in security warnings, which have been designed to recognize and warn users about potentially harmful files,\u201d a Microsoft spokesperson said in a statement. <\/p>\n<p>\u201cWhile the user interface experience described in the report does not meet the bar for immediate servicing under our <a href=\"https:\/\/www.microsoft.com\/en-us\/msrc\/sdlbugbar\">severity classification guidelines<\/a>, we will consider addressing it in a future feature release,\u201d the spokesperson said. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<h5 class=\"wp-block-heading\" id=\"h-exploits-date-back-to-2017\">Exploits date back to 2017<\/h5>\n<p>It is rare, but not unprecedented, for cybercriminals to exploit a zero-day for many years prior to discovery \u2014 eight years in the case of ZDI-CAN-25373. <\/p>\n<p>Yet, \u201cit\u2019s very unusual that there are so many different groups using this in different ways with different purposes,\u201d Childs said. \u201cOnce multiple groups start using the same bug, of course that\u2019s more people sharing the secret. And the more people sharing the secret, the more likely the secret is to get out.\u201d<\/p>\n<p>Trend Micro has attributed exploits to the Russian-based cybercrime group Evil Corp, a suspected South Asian espionage group called Bitter, Konni malware and others. Threat groups backed by India and Pakistan are \u201cessentially using it against each other, pretty much in an identical form,\u201d Childs said.<\/p>\n<p>Cybercriminals are exploiting ZDI-CAN-25373 to target governments for espionage and data theft at more than twice the rate of financially motivated attacks. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The attacks spread across the globe and researchers fear the footholds gained by this yearslong campaign persist. <\/p>\n<p>\u201cThey\u2019ve been so prolific that we haven\u2019t been able to clean them all out everywhere,\u201d Childs said. \u201cIt\u2019s highly likely that they are still in many systems around the world.\u201d<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-novel-malware-payload\">Novel malware payload<\/h5>\n<p>The proof-of-exploit Trend Micro submitted to Microsoft illustrates the novel path cybercriminals are taking to exploit ZDI-CAN-25373. Attackers are exploiting the vulnerability by making shortcut .lnk files look like a different file type and tricking victims into opening executable code embedded in those files.<\/p>\n<p>The user interface problem is such that Windows depicts a file type users expect, but the .lnk appended to the end of the file, which links to a malicious payload, is hidden. Attackers achieve this by hiding command line arguments in malicious whitespace padding that Windows doesn\u2019t display in the allotted space in the user interface, according to Trend Micro. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cThat\u2019s the first time I\u2019ve seen that, although I\u2019m continuously surprised at the ingenuity of hackers and criminals,\u201d Childs said.<\/p>\n<h5 class=\"wp-block-heading\" id=\"h-researchers-question-microsoft-s-response\">Researchers question Microsoft\u2019s response<\/h5>\n<p>Microsoft said it appreciates Trend Micro\u2019s research and disclosure, but noted the methods described in the report are of limited practical use to an attacker. Moreover, Microsoft disputes the need for a prompt \u2014 or, perhaps, any response.<\/p>\n<p>Shortcut files are considered a potentially dangerous file type, and Windows automatically triggers a warning when users try to open a .lnk file downloaded from the internet, the company said. <\/p>\n<p>Companies have to draw a line somewhere between where their responsibility to mitigate risk ends and users\u2019 begins, said Andrew Grotto, research scholar at Stanford University\u2019s Center for International Security and Cooperation. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Yet, Grotto added, Microsoft has a long history of actively exploited zero-day vulnerabilities and threat groups taking advantage of what the company describes as user-interface issues. <\/p>\n<p>\u201cEven if it doesn\u2019t consider this to be a vulnerability in the traditional sense of the word, the fact that it\u2019s been actively exploited, it means there\u2019s still a problem in the product of some kind,\u201d Grotto said. <\/p>\n<p>Addressing this defect and others like it would require Microsoft to fundamentally change how .lnk files work, Childs said. <\/p>\n<p>\u201cIt is very frustrating that Microsoft has chosen not to fix this, either through a security update or saying, \u2018yes, we\u2019re going to do it in the next version,\u2019\u201d Childs said. \u201cBut hopefully with the publication of this, we give the defenders out there enough information to protect their systems and maybe put a little pressure on Microsoft to provide something.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.0122749590835\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/03\/nation-state-groups-hit-hundreds-of-organizations-with-microsoft-windows-zero-day-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-windows-zero-day-exploits-nation-states\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3937,1269,271,282,78,3382,117,3005,513,625,3938,3707,3332,647,3939,46,256,270,3940,288,3172,2281,212,3941,1170],"tags":[3942,1272,277,286,86,3384,119,3022,517,630,3943,3708,3336,240,3944,54,262,276,3945,294,3174,2283,214,3946,1171],"class_list":["post-7463","post","type-post","status-publish","format-standard","hentry","category-apt37","category-apt43","category-china","category-cybercrime","category-cybersecurity","category-evil-corp","category-government","category-india","category-iran","category-microsoft","category-microsoft-windows","category-nation-state-threats","category-nation-state-hackers","category-north-korea","category-pakistan","category-ransomware","category-research","category-russia","category-stanford-university","category-threats","category-trend-micro","category-vulnerability","category-windows","category-zero-day-initiative","category-zero-days","tag-apt37","tag-apt43","tag-china","tag-cybercrime","tag-cybersecurity","tag-evil-corp","tag-government","tag-india","tag-iran","tag-microsoft","tag-microsoft-windows","tag-nation-state-threats","tag-nation-state-hackers","tag-north-korea","tag-pakistan","tag-ransomware","tag-research","tag-russia","tag-stanford-university","tag-threats","tag-trend-micro","tag-vulnerability","tag-windows","tag-zero-day-initiative","tag-zero-days"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/apt37\/\" rel=\"category tag\">APT37<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/apt43\/\" rel=\"category tag\">APT43<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/evil-corp\/\" rel=\"category tag\">Evil Corp<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/india\/\" rel=\"category tag\">India<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/iran\/\" rel=\"category tag\">Iran<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft-windows\/\" rel=\"category tag\">Microsoft Windows<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nation-state-threats\/\" rel=\"category tag\">nation state threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/nation-state-hackers\/\" rel=\"category tag\">nation-state hackers<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/north-korea\/\" rel=\"category tag\">North Korea<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/pakistan\/\" rel=\"category tag\">pakistan<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/stanford-university\/\" rel=\"category tag\">Stanford University<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/trend-micro\/\" rel=\"category tag\">Trend Micro<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/windows\/\" rel=\"category tag\">Windows<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-day-initiative\/\" rel=\"category tag\">Zero Day Initiative<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-days\/\" rel=\"category tag\">zero-days<\/a>","tag_info":"zero-days","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7463"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7463\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7463,"date":"2025-03-20T09:07:40","date_gmt":"2025-03-20T14:07:40","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=83931"},"modified":"2025-03-20T09:07:40","modified_gmt":"2025-03-20T14:07:40","slug":"nation-state-groups-hit-hundreds-of-organizations-with-microsoft-windows-zero-day","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/03\/20\/nation-state-groups-hit-hundreds-of-organizations-with-microsoft-windows-zero-day\/","title":{"rendered":"Nation-state groups hit hundreds of organizations with Microsoft Windows zero-day"},"content":{"rendered":"