~Arcticwolf~
APT UNC6384 exploits Windows flaw ZDI-CAN-25373 to deploy PlugX RAT against European diplomats.
-
IOCs: racineupci. org, dorareco. net, naturadeco. net
-
#PlugX #ThreatIntel #UNC6384
SIGNALS WEEKLY:
A Windows .LNK just became an actual door key. #UNC6384 → PlugX at EU diplomats. CISA drops 2 new KEV vulns (CentreStack/Triofox & CWP) + 5 ICS advisories. Patch what you can, isolate what you can’t. 🗝️🚨
Read → blog.alphahunt.io/signals-week...
#AlphaHunt #Infosec #BlueTeam
Chinese cyber espionage group UNC6384 exploits Windows shortcut vulnerability to target European diplomats. Stay vigilant against sophisticated phishing attacks. #CyberSecurity #ThreatIntelligence #PlugX #UNC6384 Link: thedailytechfeed.com/chinese-cybe...
📰 Chinese hacker group exploits Windows zero-day to spy on European diplomats
👉 Read the full article here: ahmandonk.com/2025/11/01/windows-zero-...
#arctic #wolf #labs #china #cve-2025-9491 #espionage #mustang #panda #plugx #unc6384 #wind
More: www.technadu.com/china-linked...
What’s your take - can transparency in vulnerability disclosure be balanced with the risks of rapid exploitation by APTs?
#Cybersecurity #UNC6384 #PlugX #APT #CyberEspionage #Europe #ThreatIntel #TechNadu
UNC6384, a China-linked APT, targeted European diplomats using PlugX malware & a Windows exploit.
Experts cite links to EU defense-related intelligence ops.
#CyberSecurity #APT #PlugX #UNC6384
Cyber espionage against diplomatic institutions in Europe by a Chinese APT group
@AWNetworks #APTGruppe #ArcticWolf #Cybersecurity #Cybersicherheit #Cyberspionage #Phishing #Schwachstelle #UNC6384
netzpalaver.de/2025/...
PCAP file from https://app.any.run/tasks/ce2745eb-edac-4e62-b5a9-5d9515b88bc4 loaded in NetworkMiner 3.0 showing parameters extracted from frame 2775.
Google’s report on #UNC6384 lists this certificate as being used in C2 comms by Sogu (#PlugX variant):
eca96bd74fb6b22848751e254b6dc9b8e2721f96
Here’s an @anyrun_app execution of AdobePlugins.exe on May 19, which runs CANONSTAGER as well as SOGU.SEC […]
[Original post on infosec.exchange]
Google uncovers a Chinese diplomatic espionage campaign: captive portal hijacking, signed malware and advanced evasion techniques.
#CANONSTAGER #cina #evidenza #GoogleThreatIntelligenceGroup #SOGU #STATICPLUGIN #UNC6384
www.matricedigitale.it/2025/08/26/c...
~Mandiant~
PRC-nexus actor UNC6384 hijacks web traffic via captive portals to deliver signed SOGU.SEC malware to diplomats.
-
IOCs: mediareleaseupdates. com, 103. 79. 120. 72, 166. 88. 2. 90
-
#SOGUSEC #ThreatIntel #UNC6384