: Ensure EDR (Endpoint Detection and Response) tools are configured to flag suspicious PowerShell execution originating from LNK files [4].
: Block external emails containing ZIP or LNK attachments from unknown sources [3].
: Typically delivered via phishing emails containing a link to a compromised website or a direct download of the ZIP file [2, 5].
