throughout order to install the PlugX remote access trojan on compromised systems, a Chinese nation-state group has been seen targeting foreign affairs ministries and embassies throughout Europe. The operation, known as SmugX, has been going on since at least December 2022, according to cybersecurity firm Check Point, which added that it is a part of a larger pattern of Chinese attackers turning their attention to Europe.
According to Check Point, “the campaign leverages novel delivery mechanisms to deploy (most notably - HTML Smuggling) a new variation of PlugX, an implant frequently connected to numerous Chinese threat actors.x000D Although the payload itself resembles those of earlier PlugX variations, the campaign was able to operate undetected for a while because to its delivery strategy’s low detection rates.