Windows Zero-Day Exploited to Spy on European Diplomats


A new cyber operation is putting diplomatic services and individuals in Europe under pressure. Microsoft has not yet offered a solution.

A Chinese hacking group is using an unpatched Windows vulnerability to gain access to sensitive communications from European diplomats in Belgium, Hungary, and other countries.

Spear Phishing as an Entry Point

The campaign began with emails about NATO workshops and EU meetings. The attachments to those emails appear harmless but exploit CVE-2025-9491, a vulnerability in how Windows processes shortcut files. One click is enough to install the PlugX trojan, which allows attackers to monitor diplomatic networks for months.

Researchers link the operation to UNC6384, also known as the Mustang Panda hacking collective. This group has been carrying out espionage for Chinese geopolitical interests for years. The campaign started in Hungary and Belgium, but now infections by other criminal cyber gangs are also emerging in organizations in Italy, the Netherlands, and Serbia.

No Solution Yet

Microsoft has not yet released a fix, although the vulnerability is clearly being actively exploited. The company acknowledges the flaw to BleepingComputer but calls it “not urgent enough” for an immediate fix. As a result, every organization with Windows systems remains potentially vulnerable.

As long as the zero-day remains unpatched, a direct opening remains into sensitive European information and networks. In the short term, this attack feels like an isolated incident, but in the long term, it will become clear that our infrastructure is still very vulnerable.