Chinese APT Group Actively Exploiting New Windows UI 0-Day Vulnerability



ClearSky Cyber Security has identified a UI vulnerability in Microsoft Windows exploited by Mustang Panda, a threat actor linked to Chinese state interests. The flaw manipulates file visibility during RAR archive extraction, causing extracted files to remain hidden in Windows Explorer, making folders appear empty.

These files are not missing but simply hidden from standard navigation, including the command line, where the “dir” command won’t display them.

This makes the vulnerability dangerous, as attackers can still execute hidden files if they know the exact path.

ClearSky noted that threat actors or users can still run these files from the command line. By modifying file attributes with a command such as “attrib -s -h”, attackers can strip the system and hidden flags, potentially triggering unknown file types that are linked to an “Unknown” ActiveX component.
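The concealment described above rests on two ordinary NTFS attribute bits, Hidden and System, which a plain `dir` listing and default Explorer settings both skip. The following audit script is an added example for defenders, not code from ClearSky or from this article: it walks an extraction directory with `os.walk`, which enumerates entries regardless of their attributes, and reports every file carrying either bit. The attribute constants come from Python's standard `stat` module; on non-Windows systems `st_file_attributes` does not exist, so the walker reports nothing there, while the classification helpers work anywhere. The default target path and the sample masks in the usage line are constructed.

```python
"""Audit an extraction directory for files that `dir` and Explorer would hide.

Added example (not ClearSky's or FirstHackersNews' code). Paths are
constructed; attribute bits are the documented Windows values exposed by the
stdlib `stat` module on every platform.
"""
import os
import stat
import sys
from pathlib import Path

# Bits set by `attrib +h` and `attrib +s`; `attrib -s -h` clears them again.
HIDDEN = stat.FILE_ATTRIBUTE_HIDDEN   # 0x02
SYSTEM = stat.FILE_ATTRIBUTE_SYSTEM   # 0x04

# Attribute bits worth naming in a report, in the order they are printed.
ATTRIBUTE_NAMES = (
    (stat.FILE_ATTRIBUTE_READONLY, "readonly"),
    (stat.FILE_ATTRIBUTE_HIDDEN, "hidden"),
    (stat.FILE_ATTRIBUTE_SYSTEM, "system"),
    (stat.FILE_ATTRIBUTE_DIRECTORY, "directory"),
    (stat.FILE_ATTRIBUTE_ARCHIVE, "archive"),
)


def describe_attributes(attrs: int) -> list[str]:
    """Return human-readable names for the attribute bits set in `attrs`."""
    return [name for bit, name in ATTRIBUTE_NAMES if attrs & bit]


def is_hidden_from_dir(attrs: int) -> bool:
    """True when `dir` (without /a) would omit the entry: either bit suffices.

    The files described by ClearSky carry both bits, which is also the
    combination Explorer hides under "Hide protected operating system files".
    """
    return bool(attrs & (HIDDEN | SYSTEM))


def file_attributes(path: Path) -> int:
    """Read the Windows attribute mask for `path`; 0 where the OS has none."""
    return getattr(path.stat(), "st_file_attributes", 0)


def find_hidden_files(root: Path) -> list[tuple[Path, list[str]]]:
    """Walk `root` and list every regular file a default listing would skip.

    os.walk uses os.scandir under the hood, which returns hidden and system
    entries like any other, so the audit is not blinded by the same attribute
    bits that blank the folder in Explorer.
    """
    findings: list[tuple[Path, list[str]]] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            attrs = file_attributes(path)
            if is_hidden_from_dir(attrs):
                findings.append((path, describe_attributes(attrs)))
    return findings


if __name__ == "__main__":
    # Constructed default: audit the current directory when no path is given.
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for path, names in find_hidden_files(target):
        print(f"{path}: {'+'.join(names)}")
```

Run it against the folder a suspicious archive was extracted into; any file it reports, but an ordinary `dir` does not, is exactly the discrepancy this advisory describes and is worth preserving for analysis before its attributes are changed.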

ClearSky reports that this vulnerability is being actively exploited in targeted attacks. Microsoft has acknowledged the issue but classifies it as low severity, indicating a moderate immediate threat; the exploit’s stealthy nature, however, could lead to serious security breaches if left unaddressed.

ClearSky Cyber Security plans to release more details in an upcoming blog post, likely covering mitigation strategies and further impact analysis.

This discovery highlights the ongoing battle between cybersecurity researchers and state-sponsored hackers, stressing the need for constant vigilance and software security updates.

Users are advised to stay informed about Microsoft’s software updates and patches to address this and similar vulnerabilities.

IOCs

MD5 Hash of the Exploit: 3bd2eeda66ec057727be8810fee5da38

Published February 14th, 2025 (2025-02-14T04:24:11+05:30) | Exploitation, Internet Security, Security Advisory, Security Update, vulnerability, Zero Day Attack

About the Author: FirstHackersNews - Identifies Security
