"New Research Delves into the World of Malicious LNK Files and Hackers Behind Them"

There has been an increase in cybercriminals' use of malicious LNK files as a point of entry to download and execute payloads such as Bumblebee, IcedID, and Qakbot. A recent study by cybersecurity experts demonstrated that it is possible to identify relationships between different threat actors by analyzing the metadata of malicious LNK files, revealing information such as the specific tools and techniques used by different groups of cybercriminals. Through this analysis, it is also possible to identify potential links between attacks that appear to be unrelated. According to Guilherme Venere, a researcher at Cisco Talos, with the rising use of LNK files in attack chains, threat actors have begun building and employing tools to generate these files. This includes tools such as NativeOne's mLNK Builder and Quantum Builder, which enable users to produce malicious shortcut files and circumvent security systems. Bumblebee, IcedID, and Qakbot are among the primary malware families that have exploited LNK files for initial access, with Talos detecting links between Bumblebee and IcedID as well as Bumblebee and Qakbot by analyzing the metadata of the artifacts. Multiple samples of LNK files that led to IcedID and Qakbot infections, and those used in various Bumblebee campaigns, were discovered to share the same Drive Serial Number. This article continues to discuss the hackers' use of malicious LNK files. 
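The linkage described above rests on a concrete field: every Windows shortcut that points at a local file carries a LinkInfo structure whose VolumeID records the serial number of the volume the shortcut was created on. The following Python is an added example, not code from the article or from Cisco Talos, showing how an analyst can pull that field out of LNK files and group samples by it. It follows the layout documented in Microsoft's MS-SHLLINK specification; the sample shortcuts, their file names and their serial numbers are constructed for the demonstration and are not real indicators.

```python
import struct
from collections import defaultdict

# Constants from the MS-SHLLINK Shell Link binary format.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x1          # LinkFlags bit: an IDList precedes LinkInfo
HAS_LINK_INFO = 0x2                    # LinkFlags bit: LinkInfo structure present
VOLUME_ID_AND_LOCAL_BASE_PATH = 0x1    # LinkInfoFlags bit: VolumeID present
DRIVE_TYPES = {0: "UNKNOWN", 1: "NO_ROOT_DIR", 2: "REMOVABLE", 3: "FIXED",
               4: "REMOTE", 5: "CDROM", 6: "RAMDISK"}


def _read_cstr(data: bytes, offset: int) -> str:
    """Read a NUL-terminated single-byte string starting at offset."""
    end = data.index(b"\x00", offset)
    return data[offset:end].decode("latin-1")


def _read_utf16z(data: bytes, offset: int) -> str:
    """Read a NUL-terminated UTF-16LE string starting at offset."""
    end = offset
    while data[end:end + 2] != b"\x00\x00":
        end += 2
    return data[offset:end].decode("utf-16-le")


def parse_lnk_volume(data: bytes):
    """Return the VolumeID metadata of a shortcut, or None if it has no local volume info.

    The Drive Serial Number returned here is the field that lets analysts tie
    shortcuts built on the same machine to one another."""
    if len(data) < HEADER_SIZE or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link (.lnk) file")
    link_flags = struct.unpack_from("<I", data, 20)[0]
    pos = HEADER_SIZE
    if link_flags & HAS_LINK_TARGET_ID_LIST:
        id_list_size = struct.unpack_from("<H", data, pos)[0]
        pos += 2 + id_list_size                       # skip the IDList entirely
    if not link_flags & HAS_LINK_INFO:
        return None
    li_start = pos
    _li_size, _li_hdr_size, li_flags, vol_off, path_off = struct.unpack_from("<IIIII", data, li_start)
    if not li_flags & VOLUME_ID_AND_LOCAL_BASE_PATH:
        return None                                   # network-relative link: no local VolumeID
    vol = li_start + vol_off                          # offsets are relative to LinkInfo start
    _vol_size, drive_type, serial, label_off = struct.unpack_from("<IIII", data, vol)
    if label_off == 0x14:
        # A VolumeLabelOffsetUnicode field follows and the label is UTF-16.
        label_off_u = struct.unpack_from("<I", data, vol + 16)[0]
        label = _read_utf16z(data, vol + label_off_u)
    else:
        label = _read_cstr(data, vol + label_off)
    return {
        "drive_type": DRIVE_TYPES.get(drive_type, str(drive_type)),
        "serial": f"{serial:08X}",
        "label": label,
        "base_path": _read_cstr(data, li_start + path_off),
    }


def cluster_by_serial(samples: dict) -> dict:
    """Group sample names by Drive Serial Number; samples maps name -> LNK bytes."""
    groups = defaultdict(list)
    for name, blob in samples.items():
        info = parse_lnk_volume(blob)
        if info is not None:
            groups[info["serial"]].append(name)
    return dict(groups)


def build_sample_lnk(serial: int, label: str, base_path: str, drive_type: int = 3) -> bytes:
    """Construct a minimal shortcut (header + LinkInfo) for the demo; not a real sample."""
    label_b = label.encode("ascii") + b"\x00"
    path_b = base_path.encode("ascii") + b"\x00"
    volume_id = struct.pack("<IIII", 16 + len(label_b), drive_type, serial, 16) + label_b
    li_hdr_size = 0x1C
    vol_off = li_hdr_size
    path_off = vol_off + len(volume_id)
    suffix_off = path_off + len(path_b)
    link_info = struct.pack("<IIIIIII", suffix_off + 1, li_hdr_size,
                            VOLUME_ID_AND_LOCAL_BASE_PATH, vol_off, path_off, 0, suffix_off)
    link_info += volume_id + path_b + b"\x00"
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack("<I", HAS_LINK_INFO)
    return header + bytes(HEADER_SIZE - len(header)) + link_info


# Constructed corpus: serial numbers and names are made up for illustration.
SAMPLES = {
    "sample_a.lnk": build_sample_lnk(0x1234ABCD, "SYSTEM", "C:\\Users\\user\\run.cmd"),
    "sample_b.lnk": build_sample_lnk(0x1234ABCD, "SYSTEM", "C:\\Windows\\System32\\cmd.exe"),
    "sample_c.lnk": build_sample_lnk(0x0BADF00D, "DATA", "D:\\tools\\loader.cmd", drive_type=2),
}

if __name__ == "__main__":
    for serial, names in cluster_by_serial(SAMPLES).items():
        print(f"{serial}: {', '.join(names)}")
```

Two samples that share a Drive Serial Number were, in all likelihood, generated on the same volume, which is the kind of overlap the article describes between Bumblebee, IcedID and Qakbot shortcuts. Treat it as a lead rather than proof: builder tools can stamp arbitrary serial numbers, and shortcuts that only reference network paths carry no VolumeID at all, which is why the parser returns `None` for them instead of guessing.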

THN reports "New Research Delves into the World of Malicious LNK Files and Hackers Behind Them"
