China-Linked Espionage: UNC6384 Hacks Windows Zero-Day to Spy on European Diplomats
UNC6384, a China-linked group, is exploiting a Windows zero-day to spy on European diplomats. Using crafty emails and sneaky malware, they’re targeting Hungary, Belgium, and beyond, proving once again that espionage isn’t just for the movies. PlugX malware is their tool of choice, making sure their cyber sleuthing remains under the radar.
Hot Take:
Looks like the UNC6384 group is throwing a diplomatic party, and European diplomats are the unwitting guests of honor. But don’t worry, they’re just here for the state secrets, not the hors d’oeuvres. It’s just another day in international espionage, where the invites are phishing emails and the party favors are malware payloads.
Key Points:
- China-linked APT group UNC6384 targets European diplomats via a Windows zero-day vulnerability.
- The cyber espionage campaign began in September 2025, focusing on Hungary, Belgium, and other EU nations.
- Attackers use social engineering, malicious LNKs, and PlugX malware in their operations.
- The attack chain involves exploiting a Windows shortcut flaw, deploying stealthy malware through DLL side-loading.
- UNC6384’s activities raise serious national security concerns, enabling intelligence collection and potential influence operations.
Already a member? Log in here