China-linked UNC6384 exploits Windows zero-day to spy on European diplomats

China-linked APT group UNC6384 is exploiting a Windows zero-day vulnerability (ZDI-CAN-25373) to spy on European diplomats, using sophisticated techniques like DLL side-loading and PlugX RAT deployment. The campaign, which began in September 2025, targets diplomatic entities in countries including Hungary, Belgium, Serbia, Italy, and the Netherlands with lures themed around EU and NATO events.