“This needs to be put in place throughout all Windows systems, prioritizing endpoints used by personnel with access to sensitive diplomatic or policy information. While this vulnerability was disclosed in March 2025, adoption by threat actors within months of disclosure necessitates urgent monitoring and countermeasures,” it said.
Organizations may also block the command and control (C2) domains used by attackers, although these will change over time. In addition, Arctic Wolf recommends that IT teams search for the presence of Canon printer assistant utilities such as cnmpaui.exe, which are part of the campaign’s exploit chain.
“The breadth of targeting across multiple European nations within a condensed timeframe suggests either a large-scale coordinated intelligence collection operation or deployment of multiple parallel operational teams with shared tooling but independent targeting,” Arctic Wolf noted, adding that the fact that UNC6384 had jumped on the flaw so quickly after it was made public earlier in 2025 suggested that the group had access to advanced capabilities and resources.

