Arctic Wolf Labs has identified a cyber espionage campaign by the Chinese-affiliated threat actor UNC6384 targeting European diplomatic entities. The campaign exploits the ZDI-CAN-25373 Windows shortcut vulnerability to deliver malicious LNK files, ultimately deploying the PlugX RAT via DLL side-loading of legitimate Canon printer utilities.