Homeland Security Today

The Missing LNK — Correlating User Search LNK Files

Forensic investigators use LNK shortcut files to recover metadata about recently accessed files, including files deleted after the time of access. In a recent investigation, FireEye Mandiant ...
Dark Reading

North Korean APT Gets Around Macro-Blocking With LNK Switch-Up

North Korea's APT37 threat group is providing fresh evidence of how adversaries have pivoted to using LNK, or shortcut files, to distribute malicious payloads after Microsoft began blocking macros by ...
Bleeping Computer

As Microsoft blocks Office macros, hackers find new attack vectors

We have reported on the use of LNK files by Emotet, Qbot, and IcedID, in all cases masquerading as a Word document to trick the recipient into opening it. However, these link files can be used to ...