Key Findings UAT-10362, a sophisticated threat actor, conducted targeted spear-phishing campaigns against Taiwanese NGOs and universities starting in October 2025 LucidRook, a Lua-based malware stager, was delivered through password-protected RAR and 7-Zip archives with decryption passwords included in phishing emails Two distinct infection chains were identified: one using Windows Shortcut files and another using .NET executables masquerading as antivirus software Both chain
