BRUSSELS / LONDON (IT BOLTWISE) – A new wave of cyberattacks controlled from China has targeted European diplomatic and government institutions. The attackers are using an unpatched vulnerability in Windows to spread malicious software and steal sensitive information. These attacks highlight the growing threat of cybercrime and the need for increased security measures.
Today’s daily deals at Amazon! ˗ˋˏ$ˎˊ˗
In an alarming development, Chinese hackers linked to the UNC6384 group have exploited an unpatched vulnerability in Windows to attack European diplomatic and government institutions. These attacks, which took place between September and October 2025, targeted diplomatic organizations in countries such as Hungary, Belgium, Italy and the Netherlands, as well as government agencies in Serbia.
The attack started with spear phishing emails containing URLs that progressed to multiple stages that ultimately resulted in the delivery of malicious LNK files. These files were themed around European Commission meetings and NATO workshops and exploited the ZDI-CAN-25373 vulnerability to trigger a multi-stage attack chain that culminated in the deployment of the PlugX malware.
PlugX, also known as Destroy RAT or Korplug, is a remote access Trojan that provides comprehensive remote access capabilities including command execution, keylogging, and file manipulation. The malware is introduced through DLL sideloading, using a legitimate application as a cover to hide the malicious payload.
The UNC6384 threat was recently analyzed by the Google Threat Intelligence Group, which found overlap with the Mustang Panda hacking group. This group has distributed a variant of PlugX called SOGU.SEC that resides in memory and is difficult to detect.
The attacks highlight China’s strategic interests in European defense cooperation and political coordination. The targeted exploitation of vulnerabilities in widely used software demonstrates the need for increased security measures and international cooperation to combat such threats.
Order an Amazon credit card without an annual fee with a credit limit of 2,000 euros!
Bestseller No. 1 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 2 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 3 ᵃ⤻ᶻ “KI Gadgets”
Bestseller No. 4 ᵃ⤻ᶻ «KI Gadgets»
Bestseller No. 5 ᵃ⤻ᶻ “KI Gadgets”
Please send any additions and information to the editorial team by email to de-info[at]it-boltwise.de. Since we cannot rule out AI hallucinations, which rarely occur with AI-generated news and content, we ask you to contact us via email and inform us in the event of false statements or misinformation. Please don’t forget to include the article headline in the email: “Chinese hackers use Windows vulnerability to attack European diplomats”.
The post Chinese hackers use Windows vulnerability to attack European diplomats appeared first on Veritas News.
