The UAT-10362 threat group is targeting Taiwanese NGOs and universities using LucidRook, a modular Lua-based malware delivered via spear-phishing lures impersonating Trend Micro Worry-Free Business Security Services. The campaign abuses Microsoft Edge for DLL sideloading and exfiltrates data via Gmail’s GMTP protocol to bypass network controls that allowlist Google infrastructure. Organizations with any connection to Taiwanese civil society or regional policy work, or those running Electron/Chromium-based applications susceptible to DLL sideloading, should hunt for msedge.exe loading DLLs from user-writable paths and anomalous Gmail GMTP outbound connections from non-mail processes.
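One way to run the first hunt described above, as an added example that is not code from the original report: a Python filter over Sysmon Event ID 7 (ImageLoad) style records that flags msedge.exe loading DLLs from user-writable paths. The writable-path list, the sample events and the function names are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed list of locations a standard user can write to; tune for your environment.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\(appdata|downloads|desktop|documents)"
    r"|users\\public|programdata|windows\\temp|temp)\\",
    re.IGNORECASE,
)

# Constructed records using Sysmon Event ID 7 (ImageLoad) field names.
# All paths and DLL names are placeholders, not indicators from the campaign.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "ImageLoaded": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.dll",
     "Signed": "true"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\lure_dir\msedge.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\lure_dir\placeholder.dll",
     "Signed": "false"},
    {"Image": r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe",
     "ImageLoaded": r"C:\ProgramData\vendor\helper.dll",
     "Signed": "true"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Users\alice\AppData\Local\Temp\other.dll",
     "Signed": "false"},
]

def is_user_writable(path):
    # normpath collapses "..\" segments so traversal cannot hide the real directory.
    return bool(USER_WRITABLE.match(ntpath.normpath(path)))

def hunt_edge_sideload(events):
    """Return msedge.exe image loads whose DLL sits in a user-writable path."""
    hits = []
    for ev in events:
        image, loaded = ev.get("Image", ""), ev.get("ImageLoaded", "")
        if ntpath.basename(image).lower() != "msedge.exe":
            continue
        if not is_user_writable(loaded):
            continue
        hits.append({
            "image": image,
            "loaded": loaded,
            "binary_relocated": is_user_writable(image),  # msedge.exe itself runs from a writable path
            "unsigned": ev.get("Signed", "").lower() != "true",
        })
    # Triage order: unsigned DLLs first, then relocated copies of the Edge binary.
    hits.sort(key=lambda h: (not h["unsigned"], not h["binary_relocated"]))
    return hits
```

Treat hits as triage leads: legitimate software can also load modules from these locations, so baseline the environment before alerting on this rule.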