Chinese cyber group breached Hungarian EU diplomats' systems

A China-linked hacking group has targeted European diplomatic networks — including Hungarian systems — in a coordinated cyber-espionage campaign this autumn. The attackers exploited a recently disclosed Windows vulnerability and deployed spyware capable of accessing confidential diplomatic material.

New windows flaw exploited by the attackers

According to a detailed report by Arctic Wolf Labs, the operation began in September and continued through October, focusing on diplomatic missions and government networks. The attackers sought sensitive diplomatic information, including internal briefings, negotiation documents and confidential communications.

The group exploited a freshly weaponised Windows vulnerability and installed PlugX, a long-used espionage tool that enables remote access, data exfiltration and covert surveillance. Once inside, the malware allowed the attackers to take full control of compromised systems.

“The attack begins with personalised emails that appear to relate to diplomatic events. When opened, the attachment triggers a recently identified Windows vulnerability, giving the attackers access to the system. This lets the malware run silently, enabling data theft and long-term monitoring,” the researchers noted.

The UNC6384

UNC6384 is a relatively new China-affiliated threat actor first documented by Google’s threat analysis unit. The group has historically targeted diplomatic entities, initially in Southeast Asia before expanding operations to Europe.

Their tactics include:

highly tailored spear-phishing emails
traffic redirection and decoy websites
digitally-signed installers
memory-resident malware designed to evade detection

PlugX — a tool widely used by Chinese-nexus hacking groups for over a decade — remains a core component of their operations due to its flexibility and stealth.

Huge rise in medicine prices in Hungary? Here’s what could cost way more from January

Hungary also in the crosshairs

The report does not specify what information the attackers may have accessed or the extent of any damage, but the nature of the campaign suggests that the goal was not disruption, but intelligence gathering. Hungary’s role in EU decision-making, NATO membership, and active relations with major powers make it a natural intelligence target.

Such operations rarely aim to disrupt services. Instead, attackers seek early access to classified background notes and negotiation stances — information that can offer strategic insight into EU-level decisions and Hungary’s foreign-policy directions.

Huge rise in medicine prices in Hungary? Here’s what could cost way more from January

Cybersecurity implications

Experts warn that rapid patching and user awareness remain the most effective defences. In diplomatic environments, targeted phishing attempts continue to be the primary entry point — a single convincing invitation or attachment can compromise an entire system.

In practice, this means:

security updates cannot be delayed
links and attachments require strict vigilance
cyber-risk management must be part of everyday routines, not only an IT task

Arctic Wolf notes the campaign shows how quickly advanced groups weaponise new vulnerabilities: even brief delays in patching can carry real national-security risks.

Cyber attacks across Europe

European government networks have faced rising pressure from China-, Russia- and North Korea-linked groups in recent years.

In late September, major airports — including London Heathrow, Brussels and Berlin — reported disruptions linked to an external IT provider, causing delays and flight cancellations. Around the same time, several Western European ministries and public portals experienced short outages after detecting suspicious network activity.

The incidents highlight that diplomatic networks are not the only targets — broader government and infrastructure systems also face constant pressure. As a result, all institutions handling sensitive information, not only foreign ministries, need up-to-date cyber protection.

Cover image: depositphotos.com

Fuel prices in Hungary could rise by this much within days

Iran conflict: latest updates, background and Hungary-related developments🔄

Chinese cyber group breached Hungarian EU diplomats’ systems

Change language:
ZH
IT
DE

New windows flaw exploited by the attackers

The UNC6384

Hungary also in the crosshairs

Cybersecurity implications

Cyber attacks across Europe

Leave a ReplyCancel Reply

Follow our Facebook page to get the latest news about Hungary!

Follow our X (Twitter) page to get the latest news about Hungary!

Subscribe to our Telegram channel to get the latest news about Hungary!

Subscribe to our WhatsApp channel to get the latest news about Hungary!

Fuel prices in Hungary could rise by this much within days

Iran conflict: latest updates, background and Hungary-related developments🔄

Change language: ENZHITDE

New windows flaw exploited by the attackers

The UNC6384

Hungary also in the crosshairs

Leave a ReplyCancel Reply

Change language:
ZH
IT
DE