A Chinese nation-state group has been observed targeting Foreign Affairs ministries and embassies in Europe using HTML smuggling techniques to deliver the PlugX remote access trojan on compromised systems.
Cybersecurity firm Check Point said the activity, dubbed SmugX, has been ongoing since at least December 2022, adding it’s part of a broader trend of Chinese adversaries shifting their focus to Europe.
“The campaign uses new delivery methods to deploy (most notably – HTML Smuggling) a new variant of PlugX, an implant commonly associated with a wide variety of Chinese threat actors,” Check Point said.
“Although the payload itself remains similar to the one found in older PlugX variants, its delivery methods result in low detection rates, which until recently helped the campaign fly under the radar.”
images from Hacker News