Cyber spies linked to the Chinese government exploited a Windows shortcut vulnerability disclosed in March – but that Microsoft hasn't fixed yet – to target European diplomats in an effort to steal defense and national security details.

Security firm Arctic Wolf attributed the espionage campaign to UNC6384 (aka Mustang Panda, Twill Typhoon), and in research published Thursday detailed how the suspected PRC spies used social engineering and the Windows flaw to deploy PlugX malware against personnel attending diplomatic conferences in September and October.

"This campaign demonstrates UNC6384's capability for rapid vulnerability adoption within six months of public disclosure, advanced social engineering leveraging detailed knowledge of diplomatic calendars and event themes, and operationa

See Full Page