Particle.news


Google Attributes Southeast Asia Diplomat Hacks to China-Linked UNC6384

The March campaign hijacked targets' Wi‑Fi traffic to deliver a memory‑resident backdoor.

Photo: hacking software open on a laptop, Rottweil, Baden-Württemberg, 16 December 2021. Silas Stein/dpa (picture alliance via Getty Images)

Overview

  • Google’s Threat Intelligence Group published findings Tuesday tying the operation to UNC6384, a group associated with Mustang Panda, after observing activity against diplomats in Southeast Asia earlier this year.
  • Attackers compromised targets' Wi‑Fi networks and hijacked their web traffic to serve a fake Adobe plug‑in that loaded the malware in memory, without writing it to disk.
  • The malware, dubbed SOGU.SEC, is a heavily obfuscated backdoor with broad capabilities that Google says UNC6384 commonly deploys.
  • About two dozen victims downloaded the malware, and Google said it sent alerts to all impacted users.
  • China’s foreign ministry said it was unaware of the specific situation and accused Google of past false claims, as the disclosure adds to recent industry warnings from Microsoft about China‑linked intrusions and related CISA notifications.