A China-linked threat actor, UNC6384, has launched sophisticated attacks on European diplomatic and governmental targets using unpatched Windows shortcut vulnerabilities and spear-phishing campaigns. The attacks involve malware delivery via LNK files exploiting CVE-2025-9491, leading to remote access through PlugX malware. #UNC6384 #PlugX #CVE-2025-9491 #MustangPanda #EuropeanDiplomacy
Key points
- UNC6384 has targeted European diplomatic and government entities with spear-phishing emails.
- The attackers exploit CVE-2025-9491, a Windows shortcut vulnerability, to deliver malware.
- Malicious LNK files trigger multi-stage attacks that culminate in deploying PlugX malware.
- The threat actor shows ties to Mustang Panda and uses techniques such as anti-debugging checks and a modular malware architecture.
- The campaign focuses on European defense and diplomatic cooperation, aligning with Chinese strategic interests.
Read More: https://thehackernews.com/2025/10/china-linked-hackers-exploit-windows.html