Requests sent to Microsoft for comment did not receive a response by the time this article was published.
North Korea, Iran, Russia among top abusers
ZDI reports widespread abuse of the vulnerability by multiple APT groups, including state-sponsored actors like Evil Corp, Kimsuky (APT43), Earth Imp (Konni), Earth Anasi (Bitter), and Earth Manticore.
“Our evaluation revealed that 11 state-sponsored teams from North Korea, Iran, Russia, and China have employed ZDI-CAN-25373 in operations primarily motivated by cyber espionage and information theft,” ZDI staff added. ZDI identified large-scale instances of the exploit across a variety of campaigns dating back to 2017.