A Chinese hacking group, UNC6384, targeted Hungarian and Belgian diplomatic entities, along with other European nations, using spearphishing and exploiting recent Windows vulnerabilities to conduct cyber espionage. The campaign involved malware such as PlugX and indicated a strategic focus on NATO, EU policies, and international diplomacy efforts.
Key points
- UNC6384, a China-affiliated threat actor, conducted cyber-espionage campaigns targeting European diplomats.
- The campaigns involved spearphishing emails and exploitation of a recently disclosed Windows vulnerability.
- Malware used in the attacks included PlugX, enabling long-term system access and data exfiltration.
- PlugX has been used since 2008 and has evolved to reduce forensic detection.
- The attack efforts reveal a focus on NATO, EU defense activities, and diplomatic policy monitoring.
- Arctic Wolf linked the operations to Mustang Panda, a known Chinese cyber espionage group.
Read More: https://therecord.media/belgium-hungary-diplomatic-entities-hacked-unc6384