Cyber Espionage Campaign Targets Diplomats with PlugX Malware

Cyber Security News by CyberSum.net

Published on November 1, 2025 at 03:00 AM

7 sources

A threat actor known as UNC6384 has been targeting diplomatic entities in a cyber-espionage campaign since September. The group exploits a high-severity Windows vulnerability and uses refined social engineering tactics. The attack starts with spear-phishing emails leading to malicious LNK files, which ultimately deploy the PlugX remote access Trojan (RAT). The campaign is expanding across the diplomatic community and government agencies in various regions. Mitigation measures include reviewing and blocking command-and-control infrastructures and conducting security awareness training.

Also Read

Kimsuky Group Deploys HttpTroy Backdoor in Spear-Phishing Attack

The Kimsuky threat actor has been linked to a spear-phishing attack using a new backdoor called HttpTroy. The attack involved a ZIP file disguised as a VPN invoice, which initiated a multi-stage infection process. The backdoor allows attackers to control compromised systems, execute commands, and capture screenshots. The malware employs advanced obfuscation techniques to evade detection.

By Cyber Security News by CyberSum.netNovember 3, 2025 at 03:00 PM