A newly identified threat group known as UAT-10362 has been linked to targeted cyberattacks against non-governmental organizations (NGOs) and academic institutions in Taiwan. The campaign relies on spear-phishing techniques to deploy a sophisticated malware strain called LucidRook. (The Hacker News)

According to researchers at Cisco Talos, the attacks were first observed in October 2025 and involve malicious email lures containing RAR or 7-Zip archives. These archives deliver a dropper named LucidPawn, which ultimately installs the LucidRook malware while displaying decoy documents to avoid suspicion. (The Hacker News)

LucidRook is a highly advanced malware stager that embeds a Lua interpreter along with Rust-based libraries inside a DLL file. This design allows attackers to dynamically download and execute additional payloads, giving them flexibility and stealth during operations. (The Hacker News)

The infection chain operates through two primary methods. One uses a disguised shortcut (LNK) file posing as a PDF, triggering PowerShell scripts and DLL side-loading techniques. The second method involves a fake executable masquerading as legitimate antivirus software, further enhancing the attack’s credibility. (The Hacker News)
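As a defender-side illustration of the first lure described above (added here, not code from the Talos report or The Hacker News article): a small Python triage routine that classifies archive members by their content rather than by the name they display, so a Shell Link whose name claims to be a PDF, or an executable riding inside the archive, is flagged before a user double-clicks it. The Shell Link header layout (HeaderSize 0x4C followed by the fixed LinkCLSID) is taken from the public MS-SHLLINK specification; the member names and byte samples are constructed, not campaign artifacts.

```python
import struct

# Shell Link (.lnk) header: HeaderSize 0x4C, then the fixed LinkCLSID
# {00021401-0000-0000-C000-000000000046} in little-endian GUID byte order.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx")


def is_shell_link(data: bytes) -> bool:
    """True if the bytes begin with a structurally valid Shell Link header."""
    if len(data) < LNK_HEADER_SIZE:
        return False
    return struct.unpack_from("<I", data, 0)[0] == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID


def classify_member(name: str, data: bytes) -> str:
    """Verdict for one archive member from its content, cross-checked with its name."""
    lower = name.lower()
    if is_shell_link(data):
        # Explorer hides the .lnk suffix, so "Report.pdf.lnk" displays as "Report.pdf".
        stem = lower[:-4] if lower.endswith(".lnk") else lower
        return "lnk-masquerading-as-document" if stem.endswith(DOC_EXTS) else "lnk"
    if data.startswith(b"MZ"):
        return "executable"          # PE image shipped inside a mail archive
    if data.startswith(b"%PDF"):
        return "pdf"
    return "other"


def triage_archive(members: dict) -> list:
    """Return (name, verdict) pairs for members that warrant analyst attention."""
    flagged = []
    for name, data in members.items():
        verdict = classify_member(name, data)
        if verdict != "pdf" and verdict != "other":
            flagged.append((name, verdict))
    return flagged


# Constructed samples (not campaign artifacts): a minimal 76-byte LNK header,
# a benign PDF decoy, and a bare PE stub named like a security tool.
SAMPLE_MEMBERS = {
    "Annual_Report.pdf.lnk": struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + b"\x00" * 56,
    "Annual_Report.pdf": b"%PDF-1.7\n%decoy\n",
    "AVUpdate.exe": b"MZ" + b"\x00" * 62,
}

if __name__ == "__main__":
    for name, verdict in triage_archive(SAMPLE_MEMBERS):
        print(f"{verdict:30} {name}")
```

In a mail gateway or sandbox pipeline the same checks would run over the extracted members of the RAR or 7-Zip attachment; the content check matters because the displayed name is exactly what the lure controls.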

Security experts highlight that the attackers rely on advanced techniques such as DLL side-loading, layered payload execution, and anti-analysis mechanisms to remain undetected. These characteristics indicate a well-resourced and highly capable threat actor focused on targeted espionage rather than widespread attacks. (The Hacker News)

The campaign underscores the growing sophistication of cyber threats targeting specific regions and sectors, particularly NGOs and research institutions, where sensitive information can be exploited for intelligence purposes. (IT BOLTWISE x Artificial Intelligence)