Chinese Threat Actor UNC6384 Exploits Unpatched Windows Vulnerability Targeting European Diplomats

A sophisticated Chinese cyber-espionage campaign has targeted diplomatic and government officials across multiple European nations by weaponizing a long-standing, unpatched Windows shortcut vulnerability that Microsoft has declined to address. The campaign, attributed to UNC6384, a threat actor believed to be linked to the well-known Chinese group Mustang Panda, demonstrates how state-sponsored hackers exploit publicly disclosed security flaws that vendors refuse to remediate, leaving those flaws exploitable for years.

The Vulnerability: Eight Years and Counting

The Windows shortcut flaw, tracked as ZDI-CAN-25373 and later assigned CVE-2025-9491, is a user-interface misrepresentation issue rather than a memory-safety bug: the command-line arguments stored in a .LNK file can be padded with whitespace characters (spaces, tabs, line feeds and similar) so that the shortcut's Properties dialog shows only a harmless-looking prefix while the real command sits past the padding. According to Trend Micro's Zero Day Initiative, the flaw has been exploited in the wild since at least 2017 by state-sponsored actors from North Korea, Iran, Russia, and China, yet Microsoft has chosen not to patch it.

The issue became public in March 2025, when Trend Micro researchers Peter Girnus and Aliakbar Zahravi published their analysis and ZDI submitted a proof-of-concept exploit to Microsoft through its bug bounty program. Microsoft's response was categorical: the company declined to address the vulnerability with a security patch.

The refusal likely stems from a technical reality: a fix that changes how shortcut arguments are stored or displayed would risk breaking legacy applications that depend on the current .LNK file design. It is a classic security-versus-compatibility trade-off, and it has left systems exposed to a known, exploited flaw for nearly a decade.
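Because the weakness is in what the Properties dialog displays, not in the file format itself, the reliable check is to parse the shortcut's argument field directly and look for the padding. The following Python is an added example written for this page, not code from Trend Micro, ZDI or Arctic Wolf. It implements the header, IDList, LinkInfo and StringData layout of the MS-SHLLINK specification just far enough to extract the five string fields, and flags arguments that contain a long whitespace run or control whitespace. The `build_lnk` helper, the sample shortcuts it builds, the 32-character run threshold and the 1024-character length heuristic are all constructed for the example; no real sample from the campaign is embedded.

```python
import re
import struct

# Field layout and LinkFlags bits follow the MS-SHLLINK (Shell Link Binary File Format) spec.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData structures appear in this fixed order after the header, IDList and LinkInfo.
STRING_FIELDS = (
    (HAS_NAME, "name"),
    (HAS_RELATIVE_PATH, "relative_path"),
    (HAS_WORKING_DIR, "working_dir"),
    (HAS_ARGUMENTS, "arguments"),
    (HAS_ICON_LOCATION, "icon_location"),
)

# Whitespace used to pad COMMAND_LINE_ARGUMENTS in ZDI-CAN-25373 samples:
# space, tab, line feed, vertical tab, form feed, carriage return.
PAD_CHARS = " \t\n\x0b\x0c\r"
CONTROL_PAD = "\n\x0b\x0c\r"


def build_lnk(relative_path, working_dir, arguments, id_list=b""):
    """Construct a minimal Unicode .LNK in memory (test fixture, not a real sample)."""
    flags = HAS_RELATIVE_PATH | HAS_WORKING_DIR | HAS_ARGUMENTS | IS_UNICODE
    if id_list:
        flags |= HAS_LINK_TARGET_ID_LIST
    # LinkFlags, FileAttributes, three FILETIMEs, FileSize, IconIndex, ShowCommand,
    # HotKey, Reserved1, Reserved2, Reserved3 (all little-endian, no alignment padding).
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack(
        "<IIQQQIIIHHII", flags, 0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0)
    body = struct.pack("<H", len(id_list)) + id_list if id_list else b""
    for s in (relative_path, working_dir, arguments):
        body += struct.pack("<H", len(s)) + s.encode("utf-16-le")
    return header + body


def parse_lnk(blob):
    """Return the StringData fields of a .LNK as a dict; raise ValueError if not a shell link."""
    if (len(blob) < HEADER_SIZE or struct.unpack_from("<I", blob, 0)[0] != HEADER_SIZE
            or blob[4:20] != LINK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", blob, 20)[0]
    off = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:          # IDListSize (2 bytes) followed by the IDList
        off += 2 + struct.unpack_from("<H", blob, off)[0]
    if flags & HAS_LINK_INFO:                    # LinkInfoSize counts itself
        off += struct.unpack_from("<I", blob, off)[0]
    fields = {}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", blob, off)[0]   # CountCharacters, not bytes
        off += 2
        if flags & IS_UNICODE:
            fields[name] = blob[off:off + 2 * count].decode("utf-16-le", errors="replace")
            off += 2 * count
        else:
            fields[name] = blob[off:off + count].decode("cp1252", errors="replace")
            off += count
    return fields


def max_pad_run(text):
    """Length of the longest consecutive run of padding characters in text."""
    best = run = 0
    for ch in text:
        run = run + 1 if ch in PAD_CHARS else 0
        best = max(best, run)
    return best


def analyze_lnk(blob, min_run=32):
    """Flag the ZDI-CAN-25373 pattern: a long whitespace run (or control whitespace)
    inside the arguments, so the Properties dialog shows only the prefix before it."""
    fields = parse_lnk(blob)
    args = fields.get("arguments", "")
    core = args.rstrip(PAD_CHARS)                # trailing whitespace alone hides nothing
    run = max_pad_run(core)
    reasons = []
    match = re.search(r"[ \t\n\x0b\x0c\r]{%d,}" % min_run, core)
    if match:
        reasons.append(f"{run}-character whitespace run inside arguments")
    if any(ch in CONTROL_PAD for ch in core):
        reasons.append("LF/VT/FF/CR inside arguments")
    if len(args) > 1024:                         # heuristic threshold assumed for this example
        reasons.append(f"arguments are {len(args)} characters long")
    visible = core[:match.start()] if match else core
    hidden = core[match.end():] if match else ""
    return {
        "target": fields.get("relative_path", ""),
        "visible_arguments": visible,
        "hidden_arguments": hidden,
        "max_pad_run": run,
        "flagged": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    # Constructed samples: a plain shortcut and one using whitespace padding.
    benign = build_lnk("..\\notepad.exe", "C:\\Users\\Public", "C:\\Users\\Public\\agenda.txt")
    padded = build_lnk("..\\..\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
                       "C:\\", "/c agenda.pdf" + " " * 300 + "-w hidden -c \"Write-Host constructed\"")
    for blob in (benign, padded):
        print(analyze_lnk(blob))
```

Run it against shortcuts carved from mail attachments or archive extractions; the `hidden_arguments` value is what a user would never see in the dialog, which is usually the PowerShell command line to hand to the next stage of triage.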

The Attack Campaign: Diplomatic Espionage at Scale

Between September and October 2025, UNC6384 conducted a coordinated campaign targeting diplomatic and government entities across Hungary, Belgium, Italy, the Netherlands, and Serbia, as documented by Arctic Wolf researchers. The campaign's sophistication reflects advanced operational capabilities and meticulous intelligence tradecraft.

The attack begins with spear-phishing emails carrying authentic-looking diplomatic lures: meeting agendas, NATO-related workshops, and multilateral coordination events. One particularly convincing example used "Agenda_Meeting 26 Sep Brussels.lnk", referencing an actual European Commission meeting scheduled for September 26, 2025, on facilitating free movement of goods at EU-Western Balkans crossing points.

When a recipient opens the malicious .LNK file, the exploit chain starts: the shortcut launches PowerShell, which executes obfuscated commands that decode a TAR archive containing three files: a legitimately signed Canon printer assistant utility, a malicious DLL loader (cnmpaui.dll, tracked as CanonStager), and an encrypted PlugX remote access trojan payload.

PlugX: A 17-Year-Old RAT Gets New Life

PlugX, also known as Korplug, TIGERPLUG, SOGU, and Destroy RAT, has been in active use since 2008. The malware provides comprehensive remote access capabilities including command execution, keylogging, file upload and download, persistence establishment, and extensive system reconnaissance. Its modular architecture allows operators to deploy specialized plugins for specific operational requirements.

When deployed by UNC6384, PlugX is tracked by Google as SOGU.SEC. The malware implements sophisticated anti-analysis and anti-debugging techniques to resist forensic examination and evade security tools.

DLL Side-Loading: Abusing Trust

The campaign relies on DLL side-loading, which abuses the Windows DLL search order: an application that imports a DLL by name has its own directory searched before the system directories, so a malicious cnmpaui.dll placed next to the legitimately signed Canon utility is loaded into that signed process. The signature check that endpoint tools and allow-lists apply to the executable never extends to the DLL it loads, and the Canon binary still runs even though its signing certificate expired in 2018.

This technique demonstrates how attackers weaponize legitimate software components and trust mechanisms to bypass traditional security controls. The tactic has become increasingly prevalent across state-sponsored campaigns.
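The load itself is visible to telemetry even though no signature check fails on the executable. The Python below is an added example for this page (not Arctic Wolf's detection logic) that scores Sysmon Event ID 7 (ImageLoad) records for the side-loading pattern: a DLL resolved from the host executable's own directory, in a user-writable location, and unsigned or carrying a non-valid signature. The field names (Image, ImageLoaded, Signed, SignatureStatus, Signature) are Sysmon's; the three sample records, the list of user-writable path fragments and the alert threshold are constructed for the example, and the executable name printer_assistant.exe is hypothetical.

```python
import ntpath

# Directory fragments an unprivileged user can normally write to (lower-case, backslash form).
# This list is an assumption for the example; extend it to match your environment.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\", "\\programdata\\")


def user_writable(path):
    """True if the (lower-cased) path sits under a directory fragment an ordinary user can write."""
    return any(marker in path for marker in USER_WRITABLE)


def score_image_load(ev):
    """Score one Sysmon Event ID 7 record for DLL side-loading indicators.
    Note: Signed/SignatureStatus in Event 7 describe the loaded DLL, not the host process."""
    image = ev["Image"].lower()
    loaded = ev["ImageLoaded"].lower()
    reasons = []
    if ntpath.dirname(image) == ntpath.dirname(loaded):
        reasons.append("DLL resolved from the host executable's own directory")
    if user_writable(loaded):
        reasons.append("DLL lives in a user-writable location")
    if user_writable(image):
        reasons.append("host executable runs from a user-writable location")
    if ev.get("Signed", "false").lower() != "true":
        reasons.append("DLL is unsigned")
    elif ev.get("SignatureStatus", "").lower() != "valid":
        reasons.append(f"DLL signature status is {ev['SignatureStatus']}")
    return {"process": ev["Image"], "dll": ev["ImageLoaded"],
            "score": len(reasons), "reasons": reasons}


def find_sideloads(events, threshold=3):
    """Return the scored records that reach the alert threshold (threshold is an assumption)."""
    return [r for r in map(score_image_load, events) if r["score"] >= threshold]


# Constructed Event ID 7 records: two ordinary loads and one side-load from a temp directory.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid", "Signature": "Microsoft Windows"},
    {"Image": r"C:\Program Files\VendorApp\vendor.exe",
     "ImageLoaded": r"C:\Program Files\VendorApp\vendor.dll",
     "Signed": "true", "SignatureStatus": "Valid", "Signature": "Vendor Inc."},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\printer_assistant.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\cnmpaui.dll",
     "Signed": "false", "SignatureStatus": "Unavailable", "Signature": ""},
]


if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print(f"{hit['process']} loaded {hit['dll']} (score {hit['score']})")
        for reason in hit["reasons"]:
            print("  -", reason)
```

A vendor application loading its own DLL from Program Files scores low on purpose: same-directory loading is normal, and it is the combination with a user-writable path and a missing or bad signature that separates the campaign's dropper layout from routine software.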

The Persistence Problem

Arctic Wolf researchers documented rapid refinement of the loader. CanonStager (the side-loaded cnmpaui.dll) artifacts collected in September and October 2025 shrank from approximately 700 KB to 4 KB, indicating active development aimed at a smaller forensic footprint.

UNC6384 was also observed using HTML Application (HTA) files that load external JavaScript to retrieve payloads from Cloudflare CDN infrastructure, which further complicates detection and attribution.

Microsoft's Failure to Act

The campaign underscores a fundamental cybersecurity governance failure. Microsoft's decision to leave CVE-2025-9491/ZDI-CAN-25373 unpatched, despite eight years of documented state-sponsored exploitation, prioritizes application compatibility over security.

This creates a persistent vulnerability affecting organizations globally. While Arctic Wolf recommends blocking .LNK files or disabling their execution in Windows Explorer as interim measures, such workarounds are operationally restrictive and don't address the root cause. Note that inspecting a suspicious shortcut through its Properties dialog is not a useful check either: the padding is precisely what that dialog hides, so the argument field has to be read from the file itself.

Geographic Expansion and Intelligence Priorities

UNC6384's shift from Southeast Asian targets to European diplomatic entities suggests either broadened intelligence collection priorities or deployment of new regional operational teams. The breadth of targeting across multiple nations within a compressed timeframe indicates either coordinated large-scale collection operations or multiple parallel teams sharing centrally developed tools.

The targeting of defense cooperation, cross-border policy coordination, and multilateral diplomatic frameworks aligns with stated People's Republic of China strategic intelligence requirements concerning European alliance cohesion and defense initiatives.

The Broader Lesson

The UNC6384 campaign demonstrates that unpatched, publicly disclosed vulnerabilities represent persistent attack surfaces in modern cybersecurity. State-sponsored actors rapidly integrate disclosed exploits into operational tradecraft, as UNC6384 did just six months after public disclosure.

Organizations must assume that known vulnerabilities will be exploited and implement defense-in-depth strategies including endpoint detection, network monitoring, and behavioral analytics. Until Microsoft addresses this vulnerability, or until organizations migrate away from legacy .LNK dependencies, European diplomats and countless others remain exposed to sophisticated espionage operations leveraging an eight-year-old flaw.