Microsoft's implementation of default macro blocking across Office documents has prompted North Korean state-sponsored threat operation Scarcruft, also known as APT37, Nickel Foxcroft, RedEyes, InkySquid, Ricochet Chollima, and Reaper, to leverage oversized LNK files to facilitate RokRAT malware delivery since last July, according to The Hacker News.
Article Link: Large LNK files leveraged for RokRAT malware deployment | SC Media