Undisclosed South Korean electronics manufacturer
February 20, 2026
•[ espionage, DLL side-loading, reconnaissance ]
MuddyWater, the Ministry of Intelligence and Security (MOIS) group also tracked as Seedworm, breached a major South Korean electronics manufacturer in February 2026 as part of a broader espionage campaign. The actor spent about one week inside the victim network, abused signed Fortemedia and SentinelOne binaries for DLL side-loading, conducted reconnaissance and credential-access activity, and exfiltrated data through a public file-transfer service.
Undisclosed Hungarian Diplomatic Entities
September 1, 2025
•[ cyber-espionage, phishing, malware ]
China-linked UNC6384 conducted a cyber-espionage campaign, beginning in September 2025, against Hungarian diplomatic entities. The campaign used EU/NATO-themed phishing emails with malicious .LNK attachments that exploit ZDI-CAN-25373 to deploy PlugX via DLL side-loading. Arctic Wolf Labs attributed the activity to UNC6384.
Undisclosed Belgian Diplomatic Entities
September 1, 2025
•[ cyber-espionage, phishing, malware ]
China-linked UNC6384 conducted a cyber-espionage campaign, beginning in September 2025, against Belgian diplomatic entities. The campaign used EU/NATO-themed phishing emails with malicious .LNK attachments that exploit ZDI-CAN-25373 to deploy PlugX via DLL side-loading. Arctic Wolf Labs attributed the activity to UNC6384.