Israeli threat intelligence firm ClearSky Cyber Security on Thursday revealed that it has seen an APT linked to China exploiting a new Windows vulnerability.
ClearSky has promised to share additional details in an upcoming blog post, but its post on X suggests that the Windows vulnerability was exploited as a zero-day, since no CVE appears to have been assigned to it yet.
The company said Microsoft is aware of the flaw, but classified it as ‘low severity’.
ClearSky described the issue as a ‘UI vulnerability’ and found evidence of exploitation by the notorious Chinese APT named Mustang Panda.
The security firm has shared some technical details on X:
“When files are extracted from compressed ‘RAR’ files they are hidden from the user. If the compressed files are extracted into a folder, the folder appears empty in the Windows Explorer GUI.
When using the ‘dir’ command to list all files and folders inside the target folder, the extracted files and folders are ‘invisible/hidden’ to the user. Threat actors or users can also execute those compressed files from a command line prompt, if they know the exact path.
As a result of executing ‘attrib -s -h’ to system protected files, an unknown file type is created from the type ‘Unknown’ ActiveX component.”
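The behaviour ClearSky describes matches what Windows does with entries carrying both the Hidden and System attributes: Explorer omits them while "Hide protected operating system files" is enabled, and a plain `dir` omits them unless run as `dir /a`. The following audit script is an added example, not ClearSky's or Microsoft's code; the target path is an assumption and should be pointed at whatever folder an archive was extracted into. It compares the default directory listing with a forced one and lists every Hidden+System entry, flagging executable types first because, as the quoted post notes, such files can still be launched by full path.

```powershell
# Added example (not from ClearSky or SecurityWeek): audit a folder for entries
# that carry the Hidden+System attribute pair, which Explorer and a plain 'dir'
# omit by default. $Path is an assumed example location.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\extracted"
)

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Error "Path not found: $Path"
    return
}

# -Force makes Get-ChildItem return hidden and system entries it would
# otherwise skip, the PowerShell equivalent of 'dir /a' in cmd.exe.
$all     = @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
$visible = @(Get-ChildItem -LiteralPath $Path -Recurse)

$hiddenSystem = @($all | Where-Object {
    ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
    ($_.Attributes -band [IO.FileAttributes]::System)
})

"Entries visible by default : $($visible.Count)"
"Entries listed with -Force : $($all.Count)"
"Hidden+System entries      : $($hiddenSystem.Count)"

# Executables and script types among the concealed entries deserve the most
# attention; they remain runnable by full path even though nothing lists them.
$suspectExt = '.exe', '.dll', '.lnk', '.bat', '.cmd', '.ps1', '.vbs', '.js', '.scr'
$hiddenSystem |
    Select-Object FullName, Attributes, Length, LastWriteTime,
        @{ Name = 'Executable'; Expression = { $suspectExt -contains $_.Extension.ToLower() } } |
    Sort-Object -Property Executable -Descending |
    Format-Table -AutoSize

# After triage (hash and preserve the files first), the attributes can be
# cleared so the entries show up normally again:
# $hiddenSystem | ForEach-Object { attrib -s -h "$($_.FullName)" }
```

A quick manual equivalent from cmd.exe is to run `dir /a` in the extraction folder and compare it with plain `dir`; any file that appears only in the `/a` listing with the `S` and `H` attributes set is a candidate for the behaviour described above.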
SecurityWeek has reached out to Microsoft for comment and will update this article if the tech giant responds.
Microsoft’s latest round of Patch Tuesday updates addresses over 50 vulnerabilities, including two that have been exploited as zero-days, namely CVE-2025-21391, a Windows Storage privilege escalation issue that can be used to delete files from a system, and CVE-2025-21418, a Windows Ancillary Function driver flaw that can be leveraged to escalate privileges to System.
Related: Chinese Cyberspy Possibly Launching Ransomware Attacks as Side Job
Related: Microsoft Patches Exploited Vulnerability in Partner Network Website
Related: Microsoft Confirms Exploited Zero-Day in Windows Management Console
Related: Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site