UNC6384, a Chinese-affiliated threat actor, has been leveraging a critical Windows shortcut vulnerability to launch attacks on European diplomatic targets across several countries, including Hungary, Belgium, and Italy, from September to October 2025. Researchers from Arctic Wolf have identified a sophisticated cyber espionage campaign that utilizes spearphishing emails containing disguised malicious LNK files. These files, which masquerade as legitimate diplomatic documents, exploit a critical flaw in Windows that allows for silent command execution, bypassing many detection systems.
This campaign marks a significant evolution in UNC6384's operational capabilities, showing how quickly the group adopts newly disclosed vulnerabilities: ZDI-CAN-25373 had been disclosed only six months earlier. The attack uses a multi-stage infection chain built on DLL side-loading, in which a legitimate Canon printer utility loads a carefully crafted malicious payload that in turn launches the PlugX remote access trojan. This approach keeps the intrusion stealthy while establishing persistent access, marking UNC6384 as a sophisticated and strategic threat to European government operations.
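The article describes LNK files that look like diplomatic documents but silently run a command. The following is an added triage example, written for this page and not taken from the article, Arctic Wolf, or Cyber Security News: it parses the fixed ShellLinkHeader and StringData sections of a Windows shortcut (as laid out in the public MS-SHLLINK specification) and flags attributes a defender would want to see before a user ever double-clicks the file. The heuristics (hidden window, a command interpreter as the target, unusually long or whitespace-padded arguments) are general shortcut-triage checks and are not claimed to describe the specific flaw in the article; the two shortcut files it examines are constructed in the script itself.

```python
import re
import struct

# LinkFlags bits from the ShellLinkHeader (MS-SHLLINK section 2.1.1).
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# LinkCLSID 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
SW_SHOWNORMAL = 1
SW_SHOWMINNOACTIVE = 7  # window minimised and never activated: nothing visible to the user

# Binaries that execute whatever the arguments field tells them to (general triage list).
INTERPRETERS = ("cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "rundll32.exe", "regsvr32.exe")


def _read_string(data, off, unicode):
    """Read one StringData field: uint16 CountCharacters, then that many characters."""
    (count,) = struct.unpack_from("<H", data, off)
    off += 2
    if unicode:
        return data[off:off + 2 * count].decode("utf-16-le"), off + 2 * count
    return data[off:off + count].decode("cp1252", errors="replace"), off + count


def parse_lnk(data):
    """Return the header fields and StringData of a .LNK file as a dict."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link (.LNK) file")
    (flags,) = struct.unpack_from("<I", data, 0x14)
    (show_command,) = struct.unpack_from("<I", data, 0x3C)
    off = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip the variable-length IDList
        (id_list_size,) = struct.unpack_from("<H", data, off)
        off += 2 + id_list_size
    if flags & HAS_LINK_INFO:                    # skip LinkInfo; its size field includes itself
        (link_info_size,) = struct.unpack_from("<I", data, off)
        off += link_info_size
    unicode = bool(flags & IS_UNICODE)
    info = {"flags": flags, "show_command": show_command}
    for name, bit in (("name", HAS_NAME), ("relative_path", HAS_RELATIVE_PATH),
                      ("working_dir", HAS_WORKING_DIR), ("arguments", HAS_ARGUMENTS),
                      ("icon_location", HAS_ICON_LOCATION)):
        if flags & bit:                          # StringData fields appear in exactly this order
            info[name], off = _read_string(data, off, unicode)
    return info


def triage(info, max_args=260, pad_run=20):
    """Return human-readable findings for a parsed shortcut; an empty list means nothing odd."""
    findings = []
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("hidden window (ShowCommand=SW_SHOWMINNOACTIVE)")
    target = info.get("relative_path", "").lower()
    if any(target.endswith(interp) for interp in INTERPRETERS):
        findings.append("target is a command interpreter: " + target.rsplit("\\", 1)[-1])
    args = info.get("arguments", "")
    if len(args) > max_args:
        findings.append(f"arguments unusually long ({len(args)} chars)")
    if re.search(r"\s{" + str(pad_run) + ",}", args):
        findings.append("long run of whitespace inside arguments (pushes the real command out of view)")
    return findings


def build_sample_lnk(relative_path, arguments, show_command):
    """Construct a minimal Unicode .LNK (header + StringData only) for testing the parser."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH | (HAS_ARGUMENTS if arguments else 0)
    header = struct.pack("<I16sIIQQQIiIHHII", 0x4C, LNK_CLSID, flags, 0x20,
                         0, 0, 0, 0, 0, show_command, 0, 0, 0, 0)
    body = struct.pack("<H", len(relative_path)) + relative_path.encode("utf-16-le")
    if arguments:
        body += struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")
    return header + body


# Constructed samples: one shortcut shaped like a document-lure loader, one ordinary shortcut.
SUSPICIOUS = build_sample_lnk("..\\..\\Windows\\System32\\cmd.exe",
                              "/c " + " " * 64 + "echo constructed-sample", SW_SHOWMINNOACTIVE)
BENIGN = build_sample_lnk("..\\Documents\\Report.docx", "", SW_SHOWNORMAL)

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage(parse_lnk(blob)))
```

Run over a mail gateway's quarantined attachments, the `triage` output gives an analyst the target and arguments that the Windows Properties dialog may not display in full; the parser deliberately stops after StringData because that is where the command line lives.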
Read the original: Cyber Security News