Tag: UNC6384

The Evoxt Labyrinth: Unmasking the New Subterranean Infrastructure of China’s PlugX Syndicates
While the majority of the corporate world remains preoccupied with the latest vulnerabilities, a cadre of Chinese threat actors has been stealthily architecting a subterranean infrastructure for cyberespionage. A meticulous forensic analysis of nascent PlugX malware specimens has laid bare an intricate labyrinth of domains and servers orchestrated by Mustang Panda, UNC6384, and RedDelta. Notably,…

Shadows in the Browser: The UNC6384 Syndicate Unmasks a New PlugX Variant “Arp”
In January 2026, cybersecurity experts at the Japanese firm IIJ intercepted a novel iteration of the PlugX malware, a formidable instrument frequently deployed in targeted cyber offensives. Subsequent analysis illuminated a potential nexus between this campaign and the UNC6384 syndicate, an entity widely associated with Chinese cyberespionage operations. UNC6384 is believed to operate in close…

Diplomatic Spies: Chinese APT UNC6384 Targets NATO Hosts with PlugX Malware
In September and October, researchers at Arctic Wolf Labs uncovered a new wave of cyber-espionage targeting the diplomatic institutions of Hungary and Belgium. According to their findings, the campaign was orchestrated by the Chinese threat group UNC6384, a collective previously noted by major technology companies. Back in August, Google had reported similar activity from the…

The Spy on the Network: How a Chinese APT Group Is Hijacking Wi-Fi to Target Diplomats
The Chinese group UNC6384 has launched a series of attacks against diplomats in Southeast Asia and several other countries, acting in the interests of Beijing. The campaign, observed by Google Threat Intelligence Group in the spring of 2025, was marked by a multi-layered scheme involving social engineering, man-in-the-middle attacks, spoofed authentication portals, and even digital…