
"Cyber spies linked to the Chinese government exploited a Windows shortcut vulnerability disclosed in March - but that Microsoft hasn't fixed yet - to target European diplomats in an effort to steal defense and national security details. Security firm Arctic Wolf attributed the espionage campaign to UNC6384 (aka Mustang Panda, Twill Typhoon), and in research published Thursday detailed how the suspected PRC spies used social engineering and the Windows flaw to deploy PlugX malware against personnel attending diplomatic conferences in September and October."
"UNC6384 is a suspected Beijing-backed crew that, according to Google's Threat Intelligence Group, targeted diplomats in Southeast Asia earlier this year before ultimately deploying the PlugX backdoor - a long-time favorite of Beijing-backed goon squads that allows them to remotely access and control infected machines, steal files, and deploy additional malware. In its latest campaign, UNC6384 targeted diplomats in Belgium, Hungary, Italy, and the Netherlands, along with Serbian government aviation departments during September and October 2025, according to Arctic Wolf."
Chinese-linked UNC6384 exploited a Windows shortcut (.lnk) vulnerability, disclosed in March and still unpatched by Microsoft at the time of the report, to target European diplomats and Serbian government aviation personnel during September and October 2025. The campaign paired highly tailored phishing lures themed on defense, security cooperation, and cross-border infrastructure with the shortcut flaw to deliver the PlugX backdoor, which gives the operators remote access, file theft, and a foothold for deploying additional malware. Zero Day Initiative researcher Peter Girnus reported the flaw to Microsoft in March under the identifier ZDI-CAN-25373; ZDI found it had been abused since 2017 by multiple state-sponsored groups. Targets were in Belgium, Hungary, Italy, the Netherlands, and Serbia.
Read at The Register