A Chinese threat group known as UNC6384 has been exploiting a Windows shortcut vulnerability (CVE-2025-9491) to target European diplomatic entities with spear-phishing campaigns. This attack leverages malicious LNK files to deliver the PlugX RAT, enabling remote access and control.
Key points
- The vulnerability CVE-2025-9491 allows malicious code to remain hidden in Windows LNK files.
- UNC6384, linked to Mustang Panda, has been actively exploiting this flaw since September 2025.
- The attacks primarily focus on European diplomats and government officials through spear-phishing emails.
- Exploited LNK files are themed around diplomatic and NATO meetings to trick victims.
- The campaign includes the deployment of PlugX RAT, enabling remote access and malware persistence.
Read More: https://www.securityweek.com/chinese-apt-exploits-unpatched-windows-flaw-in-recent-attacks/