Cyber Espionage Campaign Targets Diplomats with PlugX Malware

A threat actor known as UNC6384 has been targeting European diplomatic entities in a cyber-espionage campaign since September. The group exploits a high-severity Windows vulnerability and uses refined social engineering tactics to deliver PlugX malware. The campaign, which initially targeted entities in specific regions, is expanding across the broader diplomatic community. The attack chain involves spear-phishing emails leading to malicious LNK files that exploit the vulnerability and execute obfuscated PowerShell commands. Researchers recommend organizations review and block command-and-control infrastructures and conduct security awareness training to mitigate such attacks.

Latest mentioned: 10-31

Earliest mentioned: 10-30

Sources

thehackernews.com infosecurity-magazine.com gbhackers.com theregister.com therecord.media bleepingcomputer.com darkreading.com cybersum.net

Also Read

BRONZE BUTLER Exploits LANSCOPE Zero-Day for Data Theft

In mid-2025, Secureworks CTU researchers uncovered a sophisticated cyber campaign by the BRONZE BUTLER group, exploiting a zero-day vulnerability in Motex LANSCOPE Endpoint Manager. This group, active since 2010, has a history of targeting specific organizations and government entities. The vulnerability, CVE-2025-61932, allows remote attackers to execute arbitrary commands with SYSTEM privileges. The campaign involved deploying Gokcpdoor and Havoc C2 frameworks, using legitimate tools like goddi and 7-Zip for data exfiltration. International cybersecurity authorities quickly responded, highlighting the severity of the threat.

10-31Read more →