All news with #unc6384 tag

Chinese-Linked Hackers Exploit Windows Shortcut Flaw

🔎 Researchers at Arctic Wolf Labs uncovered a September–October 2025 cyber-espionage campaign that used a Windows shortcut vulnerability to target Belgian and Hungarian diplomatic entities. The operation, attributed to UNC6384 and likely tied to Mustang Panda (TEMP.Hex), combined spear phishing with malicious .LNK files exploiting ZDI-CAN-25373 and deployed a multi-stage chain ending in the PlugX RAT. Attackers used DLL side-loading, signed Canon utilities and obfuscated PowerShell to extract and execute an encrypted payload while displaying decoy diplomatic PDFs.