Mustang Panda Strikes Again: European Diplomats Caught in Cyber Espionage Web!
Researchers at Arctic Wolf Labs have uncovered a cyber espionage campaign targeting European diplomats, attributing it to UNC6384, linked to Mustang Panda. Using social engineering and the Windows shortcut vulnerability ZDI-CAN-25373, the campaign deploys PlugX malware. With a focus on diplomatic entities in Hungary and Belgium, the group demonstrates growing sophistication and geographic expansion.

Hot Take:
Looks like UNC6384 is taking a European vacation, but instead of postcards, they’re sending malware and espionage attempts. Who needs a souvenir when you’ve got a Windows shortcut vulnerability to exploit? As usual, Mustang Panda proves that pandas aren’t just cute and cuddly—they’re also sneaky and sophisticated! Watch out, Europe—the cyber zoo is open, and the pandas are on the prowl!

Key Points:
– UNC6384, linked to China’s Mustang Panda, is targeting European diplomatic entities.
– The campaign includes spear phishing and exploits a Windows shortcut vulnerability.
– The malware chain involves the PlugX RAT, typical of Chinese threat actors.
– Targets include diplomats from Hungary, Belgium, and possibly Serbia.
– The threat actor’s sophistication and geographic scope are expanding.
