“This must be put in place across all Windows systems, prioritizing endpoints used by personnel with access to sensitive diplomatic or policy information. While this vulnerability was disclosed in March 2025, adoption by threat actors within months of disclosure necessitates urgent monitoring and countermeasures,” it said.
Organizations could also block the command and control (C2) domains used by the attackers, although these will change over time. In addition, Arctic Wolf recommends that IT teams search for the presence of Canon printer assistant utilities such as cnmpaui.exe, which are part of the campaign’s exploit chain.
“The breadth of targeting across multiple European nations within a condensed timeframe suggests either a large-scale coordinated intelligence collection operation or deployment of multiple parallel operational teams with shared tooling but independent targeting,” Arctic Wolf noted, adding that the fact that UNC6384 had jumped on the flaw so quickly after it was made public earlier in 2025 suggested that the group had access to advanced capabilities and resources.



