China-linked hackers exploit Windows flaw to target diplomats
A group of hackers linked to China, known as UNC6384, has been busy targeting European diplomats and government entities, exploiting a flaw in Windows shortcuts. Between September and October 2025, these attacks hit organizations in Hungary, Belgium, Italy, and the Netherlands, as well as agencies in Serbia.
According to Arctic Wolf, the attack kicks off with spear-phishing emails that contain sneaky URLs leading to malicious LNK files disguised as documents about European Commission meetings and NATO workshops. Once clicked, these files take advantage of an unpatched vulnerability, setting off a chain reaction that ultimately installs PlugX malware. This remote access trojan is designed to give hackers a backdoor into sensitive systems, making it a serious threat to national security. If you’re in the diplomatic sector, now’s the time to double-check your cybersecurity measures.