A China-linked group exploits an unpatched Windows flaw to deploy malware on European diplomatic targets, with attacks spreading to Serbia’s aviation sector.
A China-linked hacking group, UNC6384, is actively exploiting a zero-day Windows vulnerability in shortcut files to deploy the PlugX malware in targeted attacks against European diplomatic entities, including those in Belgium and Hungary.
The flaw, tracked by the Zero Day Initiative as ZDI-CAN-25373, allows malicious code execution via manipulated LNK (shortcut) files; the group combines it with DLL side-loading and obfuscated PowerShell scripts to evade detection.
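As an added example (not code from the original report or from any of the researchers it cites), the following Python script statically triages a .lnk file for the kind of hidden PowerShell launch described above. It parses the Shell Link header and StringData per the documented MS-SHLLINK layout and flags the COMMAND_LINE_ARGUMENTS field when it carries a long run of whitespace or control characters (the argument-hiding technique publicly attributed to ZDI-CAN-25373, which this page does not itself describe; treat that heuristic and its threshold as assumptions), PowerShell-style tokens, or a minimized-window ShowCommand. The sample shortcuts are constructed in the script so it runs offline; the base64 string in the malicious sample is a placeholder, not a real payload.

```python
"""Static triage of Windows shortcut (.lnk) files for hidden command-line payloads.

Added example for illustration; parsing follows the public MS-SHLLINK layout.
The whitespace-padding heuristic is an assumption about the reported LNK
abuse, not something stated by the article.
"""
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
SW_SHOWMINNOACTIVE = 7

# Characters attackers pad arguments with so the Properties dialog shows nothing useful.
PAD_CHARS = set(" \t\n\v\f\r")
SUSPICIOUS_TOKENS = ("powershell", "-enc", "frombase64string", "-w hidden",
                     "-windowstyle hidden", "rundll32", "mshta", "cmd /c")
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                 (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                 (HAS_ICON_LOCATION, "icon_location"))


def parse_lnk(data: bytes) -> dict:
    """Return LinkFlags, ShowCommand and the StringData fields of a Shell Link."""
    header_size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if header_size != 0x4C or clsid != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    show_command = struct.unpack_from("<I", data, 0x3C)[0]  # ShowCommand sits at offset 60
    offset = 0x4C
    if flags & HAS_LINK_TARGET_ID_LIST:          # skip LinkTargetIDList (uint16 size + items)
        (idlist_size,) = struct.unpack_from("<H", data, offset)
        offset += 2 + idlist_size
    if flags & HAS_LINK_INFO:                    # skip LinkInfo (uint32 size includes itself)
        (linkinfo_size,) = struct.unpack_from("<I", data, offset)
        offset += linkinfo_size
    info = {"flags": flags, "show_command": show_command}
    for flag, name in STRING_FIELDS:             # StringData: uint16 char count + string, no terminator
        if not flags & flag:
            continue
        (count,) = struct.unpack_from("<H", data, offset)
        offset += 2
        if flags & IS_UNICODE:
            info[name] = data[offset:offset + count * 2].decode("utf-16-le")
            offset += count * 2
        else:
            info[name] = data[offset:offset + count].decode("cp1252", errors="replace")
            offset += count
    return info


def triage_lnk(data: bytes, pad_threshold: int = 32) -> list:
    """Return human-readable findings; an empty list means nothing suspicious was seen."""
    info = parse_lnk(data)
    args = info.get("arguments", "")
    findings = []
    longest = run = 0
    for ch in args:                              # longest run of padding characters
        run = run + 1 if ch in PAD_CHARS else 0
        longest = max(longest, run)
    if longest >= pad_threshold:
        findings.append(f"arguments contain a {longest}-character whitespace run (UI-hiding padding)")
    normalized = " ".join(args.split()).lower()  # collapse padding before token matching
    for token in SUSPICIOUS_TOKENS:
        if token in normalized:
            findings.append(f"arguments reference {token!r}")
    if len(args) > 260:
        findings.append(f"arguments are {len(args)} characters long")
    if info["show_command"] == SW_SHOWMINNOACTIVE:
        findings.append("ShowCommand is SW_SHOWMINNOACTIVE (window minimized on launch)")
    return findings


def build_lnk(arguments: str, show_command: int = 1) -> bytes:
    """Build a minimal Unicode .lnk carrying only COMMAND_LINE_ARGUMENTS (constructed test input)."""
    flags = HAS_ARGUMENTS | IS_UNICODE
    header = (struct.pack("<I16sII", 0x4C, LNK_CLSID, flags, 0)   # size, CLSID, LinkFlags, FileAttributes
              + b"\x00" * 24                                       # Creation/Access/WriteTime
              + struct.pack("<IiIHHII", 0, 0, show_command, 0, 0, 0, 0))  # FileSize..Reserved3
    return header + struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")


# Constructed samples: a padded, hidden PowerShell launcher and a benign browser shortcut.
SAMPLE_MALICIOUS = build_lnk(" " * 600 + "/c powershell -w hidden -enc QQBCAEMA", show_command=7)
SAMPLE_BENIGN = build_lnk("--profile-directory=Default")

if __name__ == "__main__":
    for label, blob in (("malicious", SAMPLE_MALICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, triage_lnk(blob) or ["no findings"])
```

To run it against real files, read each .lnk as bytes and pass it to `triage_lnk`; the whitespace threshold is deliberately low so that legitimately long but visible argument strings are reported only by the length or token checks, not the padding check.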
The campaign, which began in September 2025, uses social engineering tactics like fake event invitations and expired trusted certificates to install persistent malware capable of data theft and remote access.
The attacks have expanded to include Serbia’s aviation sector, and the vulnerability remains unpatched as of October 31, 2025.
Security experts warn of ongoing risks to government and enterprise networks.