Khaberni - A group of hackers exploited a "zero-day" vulnerability in Windows systems to target several diplomats across European countries, according to a report by the tech site "Bleeping Computer".
"Arctic Wolf" labs discovered a series of phishing emails that contained malicious files disguised as documents related to various European diplomatic events, whether NATO defense agreements or meetings of the European Commission.
These malicious files aim to exploit a critical vulnerability in Windows systems to install malware that enables remote control of the computer, then access sensitive information stored on it and monitor all diplomatic communications to and from the device.
The report linked the attack to the hacker group "Mustang Panda", which has been associated with many other cyberattacks and is connected to the Chinese government, according to "Arctic Wolf" analyses.
The lab confirmed that this group had previously focused its attacks mainly on countries in East Asia, but it seems to have expanded its reach to attack Hungarian and Belgian diplomatic entities and a range of other European organizations, including Serbian government agencies and several diplomatic entities from Italy and the Netherlands.
Despite the severity of the attack, it requires user interaction to install malicious code (malware) on the Windows system remotely: the user must visit a malicious page or download malicious files, so the attacker first has to deceive the user.
This vulnerability is not new: a "Trend Micro" security report mentioned that it was immediately exploited by 11 hacker groups supported by various governments around the world in March 2025.
The "Bleeping Computer" report indicates that "Microsoft" has not yet closed this vulnerability despite being aware of it, so it is being heavily exploited before it is completely closed.




