APT36 Malware Campaign Launched Using Windows LNK Files

What happened

APT36 malware campaign was reported after researchers observed a targeted attack leveraging malicious Windows shortcut (LNK) files. The campaign, attributed to the APT36 group, delivers malware via phishing emails disguised as legitimate documents. When opened, LNK files execute payloads that enable persistence, system reconnaissance, and command-and-control communication. Researchers noted the campaign emphasizes stealth and social engineering over software exploits. LNK files bypass some traditional detection mechanisms, making this technique effective against less mature security environments.

Who is affected

Windows users and organizations susceptible to phishing attacks are at risk. Industries with lower email security maturity or insufficient user awareness programs are particularly vulnerable.

Why CISOs should care

LNK-based attacks are simple but effective, bypassing endpoint protections. CISOs must reinforce user awareness and technical controls to prevent compromise and lateral movement.

3 practical actions

1. Restrict LNK execution: Block shortcut files where feasible.
2. Enhance email security: Improve phishing detection controls.
3. User training: Educate staff on suspicious attachments.

John Kevin Hao

+ postsBio ⮌

John Kevin Hao is a news and feature writer covering cybersecurity, technology, and business targeted for professional audiences.

• John Kevin Hao

  CISO Diaries: Alessio Cipolletta on Security in Safety-Critical Aviation Environments
• John Kevin Hao

  FBI Warns of Kali365 Phishing-as-a-Service Platform After April Microsoft 365 Attacks
• John Kevin Hao

  Ukraine Probes Teen Suspect in Cyber Theft Scheme Targeting California Online Shoppers
• John Kevin Hao

  CISO Diaries: Jason Scanlon on Security Culture, Leadership, and the Human Side of Cybersecurity