A China-linked hacking group is exploiting the still-unpatched Windows shortcut (.LNK) vulnerability CVE-2025-9491 to target European diplomats and government agencies, deploying the PlugX RAT through spearphishing campaigns. Researchers attribute the operations to UNC6384 (Mustang Panda), which points to the widening scope of the group's cyber-espionage activity across Europe. #CVE2025-9491 #MustangPanda
Key points
- The attack uses spearphishing emails carrying malicious .LNK files themed around diplomatic and military meetings.
- CVE-2025-9491 is a UI misrepresentation flaw in how Windows displays .LNK shortcut files: the command-line arguments stored in the shortcut can be padded with whitespace so that the Properties dialog shows nothing suspicious, while the hidden arguments still run when the shortcut is opened. Code execution therefore depends on the victim launching the file; the flaw is not remotely triggerable on its own.
- The UNC6384 campaign delivers the PlugX RAT. Ursnif, Gh0st RAT and Trickbot are payloads that other groups had previously dropped through the same .LNK flaw; they are not part of this campaign.
- Exploitation requires the victim to open the crafted .LNK file, whether it arrives as an email attachment or is downloaded from a malicious website.
- Microsoft had not issued a patch at the time of reporting, so defenders are advised to block or quarantine .LNK attachments at the mail gateway and to block the campaign's known command-and-control (C2) infrastructure.
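The whitespace-padding trick described above can be detected from the shortcut file itself. The following is an added example (not code from the original post, and not tooling from the researchers who reported the campaign): a minimal parser for the Shell Link binary format (MS-SHLLINK) that extracts the COMMAND_LINE_ARGUMENTS string and flags a long run of leading whitespace. It builds its own sample .LNK files in memory, so it runs offline; the 64-character threshold, the sample paths and the sample commands are assumptions, not values taken from the campaign.

```python
"""Detect CVE-2025-9491-style whitespace padding in Windows .LNK files.

MS-SHLLINK stores the shortcut's command-line arguments as a length-prefixed
string. Padding that string with whitespace pushes the real arguments out of
the visible part of the Properties dialog; this is the UI misrepresentation
behind CVE-2025-9491. This script (an added example, not from the original
post) builds minimal .LNK files in memory and scans them. It skips the optional
LinkTargetIDList and LinkInfo structures by size rather than parsing them.
"""
import struct

# CLSID 00021401-0000-0000-C000-000000000046, stored little-endian.
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# Whitespace characters the Properties dialog renders as blank.
PAD_CHARS = " \t\n\x0b\x0c\r"
# Assumed threshold: legitimate shortcuts have at most a few leading spaces.
PAD_THRESHOLD = 64


def _string_data(s: str) -> bytes:
    """StringData entry: uint16 character count followed by UTF-16LE text."""
    return struct.pack("<H", len(s)) + s.encode("utf-16-le")


def build_lnk(relative_path: str, arguments: str) -> bytes:
    """Build a minimal Unicode .LNK with RELATIVE_PATH and COMMAND_LINE_ARGUMENTS."""
    flags = HAS_RELATIVE_PATH | HAS_ARGUMENTS | IS_UNICODE
    # ShellLinkHeader: size, CLSID, flags, attrs, 3 timestamps, file size,
    # icon index, ShowCommand (1 = SW_SHOWNORMAL), hotkey, 3 reserved fields.
    header = struct.pack("<I16sIIQQQIiIHHII", 0x4C, LINK_CLSID, flags,
                         0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    terminal_block = b"\x00\x00\x00\x00"  # ExtraData TerminalBlock
    return header + _string_data(relative_path) + _string_data(arguments) + terminal_block


def parse_lnk(data: bytes) -> dict:
    """Return the LinkFlags and the StringData fields present in a .LNK."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C \
            or data[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    off = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:      # IDListSize (uint16) + IDList
        off += 2 + struct.unpack_from("<H", data, off)[0]
    if flags & HAS_LINK_INFO:                # LinkInfoSize (uint32) includes itself
        off += struct.unpack_from("<I", data, off)[0]
    fields = {"flags": flags}
    # StringData entries appear in this fixed order, each only if its flag is set.
    for flag, name in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                       (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                       (HAS_ICON_LOCATION, "icon_location")):
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", data, off)[0]
        off += 2
        if flags & IS_UNICODE:
            fields[name] = data[off:off + 2 * count].decode("utf-16-le")
            off += 2 * count
        else:
            fields[name] = data[off:off + count].decode("cp1252", errors="replace")
            off += count
    return fields


def analyze_lnk(data: bytes) -> dict:
    """Measure leading whitespace in the arguments and recover what really runs."""
    fields = parse_lnk(data)
    args = fields.get("arguments", "")
    effective = args.lstrip(PAD_CHARS)
    padding = len(args) - len(effective)
    return {
        "relative_path": fields.get("relative_path", ""),
        "padding_chars": padding,
        "effective_arguments": effective,
        # Heavy padding in front of a non-empty command is the CVE-2025-9491 pattern.
        "suspicious": padding >= PAD_THRESHOLD and bool(effective),
    }


def scan_samples() -> dict:
    """Constructed samples: one ordinary shortcut and one with padded arguments."""
    samples = {
        "benign": build_lnk(r"..\..\Windows\System32\notepad.exe", "report.txt"),
        "padded": build_lnk(r"..\..\Windows\System32\cmd.exe",
                            " " * 900 + "/c echo constructed-sample"),
    }
    return {name: analyze_lnk(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, result in scan_samples().items():
        print(name, result["suspicious"], result["padding_chars"],
              repr(result["effective_arguments"][:60]))
```

On real files, run `analyze_lnk(open(path, "rb").read())` over mail-gateway quarantine or endpoint collections; the recovered `effective_arguments` is what to feed into further triage, since it is the command the Properties dialog would not have shown.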