#PlugX

Latest posts tagged with #PlugX on Bluesky

Posts tagged #PlugX

China-Nexus Actor Targets Persian Gulf

~Zscaler~
A China-nexus group, likely Mustang Panda, is using Middle East conflict lures to deploy the PlugX backdoor in the Persian Gulf.
-
IOCs: 91. 193. 17. 117, www. 360printsol. com
-
#MustangPanda #PlugX #ThreatIntel

China-Linked Hackers Hit Qatar with Backdoor Disguised as War News
China-linked hackers targeted Qatar using fake war news lures to spread PlugX backdoor malware and spy on military and energy sectors.

China-linked hackers targeted #Qatar using fake war news to spread PlugX backdoors and launch cyber-espionage attacks on military and energy sectors.

hackread.com/china-hacker...

#CyberSecurity #China #PlugX #CyberAttack #Malware

Exploiting the Crisis: Chinese APTs Weaponize Middle East Tensions to Target Qatar with PlugX
Researchers have observed a sharp increase in Chinese-nexus APT operations rapidly pivoting to exploit regional instability, with a clear near-immediate focus on Qatar following recent escalations. Notably, Camaro Dragon launched Operation Epic Fury deploying a PlugX variant via ZIP→LNK→DLL hijack and a separate campaign used a Rust-based loader to hijack nvdaHelperRemote.dll...

Chinese APT groups exploit Middle East tensions to target Qatar, deploying PlugX via ZIP→LNK→DLL hijack and Rust-based loaders delivering Cobalt Strike, linked to Camaro Dragon’s Operation Epic Fury. #Qatar #CamaroDragon #PlugX


#plugx targeting VN
"evv.msi" -> famisu[.]com
e0058681fabb8e49ec780fdd78ec01fd

China-Backed Group Exploits Unpatched Windows Flaw to Spy on EU Diplomats
Analysis of a cyber-espionage campaign by China-linked UNC6384 exploiting the unpatched Windows vulnerability CVE-2025-9491 to target European diplomats with the PlugX RAT.

⚠️ China-linked hackers (UNC6384) exploit unpatched Windows flaw CVE-2025-9491 to spy on EU diplomats. Attacks use malicious LNK files to deploy PlugX RAT. Microsoft has declined to patch the vulnerability. #CyberEspionage #ZeroDay #PlugX


China-linked group Mustang Panda used a Windows .LNK zero-day (CVE-2025-9491) to spear-phish European diplomats and drop PlugX, researchers warn. Stay vigilant. TechRadar+1

#CyberSecurity #MustangPanda #ZeroDay #PlugX #DeepThreat #InfoSec #DigitalDiplomacy


Chinese cyber espionage group UNC6384 exploits Windows shortcut vulnerability to target European diplomats. Stay vigilant against sophisticated phishing attacks. #CyberSecurity #ThreatIntelligence #PlugX #UNC6384 Link: thedailytechfeed.com/chinese-cybe...


📰 Chinese Hacker Group Exploits Windows Zero-Day to Spy on European Diplomats

👉 Read the full article here: ahmandonk.com/2025/11/01/windows-zero-...

#arctic #wolf #labs #china #cve-2025-9491 #espionage #mustang #panda #plugx #unc6384 #wind

China-Linked Hacking Group Targets European Diplomatic Entities in Espionage Campaign
Diplomatic entities in Belgium and Hungary were targeted by the UNC6384 hacking group using PlugX malware in a sophisticated cyber-espionage campaign.

More: www.technadu.com/china-linked...

What’s your take - can transparency in vulnerability disclosure be balanced with the risks of rapid exploitation by APTs?
#Cybersecurity #UNC6384 #PlugX #APT #CyberEspionage #Europe #ThreatIntel #TechNadu


UNC6384, a China-linked APT, targeted European diplomats using PlugX malware & a Windows exploit.

Experts cite links to EU defense-related intelligence ops.

#CyberSecurity #APT #PlugX #UNC6384


Chinese APTs exploit zero-day vulnerabilities in VMware and Windows to spy on European systems and diplomats, with a CISA alert and PlugX malware.

#apt #cina #cisa #MustangPanda #PlugX #unc5174 #vmware #Windows #zeroday
www.matricedigitale.it/2025/10/31/a...

China-Linked PlugX and Bookworm Malware Attacks Target Asian Telecom and ASEAN Networks
PlugX and Bookworm campaigns strike Asian telecom and ASEAN targets using DLL side-loading and modular RATs.

Chinese hackers are using a new PlugX variant to attack the telecom and manufacturing sectors in the Asia-Pacific region #中国 #APT #恶意软件 #PlugX thehackernews.com/2025/09/chin...


Rainyday, Turian and a new PlugX variant exploit DLL search-order hijacking: analysis of TTPs, IOCs and practical mitigations for Windows.

#apt #backdoor #cina #CiscoTalos #PlugX #Rainyday #Turian
www.matricedigitale.it/2025/09/27/r...


🚨 Major cyber threat in Asia: PlugX and Bookworm target telecoms. New encryption algorithms and sophisticated evasion techniques. #Cybersécurité #APT #ChinaHackers #PlugX #Bookworm lynxintel.io/menaces-plugx-et-bookwor...

PCAP file from https://app.any.run/tasks/ce2745eb-edac-4e62-b5a9-5d9515b88bc4 loaded in NetworkMiner 3.0 showing parameters extracted from frame 2775.

Google’s report on #UNC6384 lists this certificate as being used in C2 comms by Sogu (#PlugX variant):
eca96bd74fb6b22848751e254b6dc9b8e2721f96

Here’s an @anyrun_app execution of AdobePlugins.exe on May 19, which runs CANONSTAGER as well as SOGU.SEC […]

[Original post on infosec.exchange]

Google’s report on #UNC6384 lists this certificate as being used in C2 comms by Sogu (#PlugX variant):
eca96bd74fb6b22848751e254b6dc9b8e2721f96

Here’s a sandbox execution of AdobePlugins.exe on May 19, which runs CANONSTAGER as well as SOGU.SEC […]

[Original post on infosec.exchange]


UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats reconbee.com/unc6384-depl...

#UNC6348 #PlugX #hijack #diplomats #potatoattack

UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats
digitally signed downloader

UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats reconbee.com/unc6384-depl...

#UNC6348 #PlugX #hijack #diplomats #cyberattack

FBI Visits Americans Computers While They Slept: Takes on Malware with PlugX Punch
"Bold perspectives, inspiring stories, and life challenges on Dammed If You Don’t—global insights with a focus on Florida's vibrant culture."

FBI Visits Americans Computers While They Slept: Takes on Malware with PlugX Punch

READ MORE HERE: dammedifyoudont.blogspot.com/2025/01/visi...

#FBI
#PlugX
#CyberSecurity
#MalwareRemoval
#DigitalDefense
#PlugXEvicted
#GeekSquadFBI
#HackerHunt
#CyberCleanup
#RemoteDeletion
#StateSponsoredHacking

Cases of China-Backed Spy Groups Using Ransomware Come to Light
Cyberattacks detected by Trend Micro and Orange Cyberdefense find hackers using malware linked to China-backed groups and ransomware, adding more evidence that nation-state cyberespionage groups are…

Cases of China-backed spy groups using ransomware come to light

Cases of China-Backed Spy Groups Using Ransomware Come to Light #SecurityBoulevard (Feb 21)

#中国 #サイバースパイ #ランサムウェア #ShadowPad #PlugX

Original post on securityweek.com

Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines China-linked cyberespio...

www.securityweek.com/chinese-apt-tools-found-...

#Cybercrime #Malware #& #Threats #Nation-State […]


🆕We publish today the result of a deep-dive investigation into a malicious campaign leveraging #ShadowPad and #PlugX to distribute a previously-undocumented ransomware, dubbed #NailaoLocker.
This campaign targeted 🇪🇺 organizations during S2 2024 and is tied to Chinese TA 🇨🇳.

Compton and Long Beach Hackers Together... YouTube video by Nick Espinosa

Compton and Long Beach Hackers Together... now you know we're in trouble!

#News #TechNews #Cybercrime #Espionage #PlugX #China #Russia #Iran #hacking #privacy

Compton and Long Beach Hackers Together... now you know we're in trouble!

Daily podcast: Compton and Long Beach Hackers Together... now you know we're in trouble!

#News #TechNews #Cybercrime #Espionage #PlugX #China #Russia #Iran #hacking #privacy #podcast
