Google Uncovers China-Linked Hacker Group Targeting Southeast Asian Diplomats With Sophisticated Cyber Espionage

Ezza Ijaz
Google links China-backed hackers to cyberattacks on Southeast Asian diplomats

Cyberattacks are becoming increasingly common, with hackers finding vulnerabilities in the systems of tech giants and exploiting them. Many of these threats are said to be China-linked, and in the past there have been accusations of targeted attacks amid geopolitical tensions. Now, Google's Threat Intelligence Group (TAG) is said to have uncovered a China-linked cyber espionage group that has been targeting diplomats in Southeast Asia. The group, tracked as UNC6384, is said to operate in support of its country's political interests, and this is not its first campaign: it is already known for complex hacking activity.

Google warns about China-linked hackers targeting Southeast Asian diplomats

According to a Bloomberg report, Google claims that about two dozen diplomats have fallen prey to these hacking attempts by China-linked hackers. The attackers rely on social engineering: targets are tricked into downloading what appears to be a legitimate software update. What the user does not see is that the hidden malware gives the attackers remote access to the diplomats' compromised systems.


The hackers have been using a technique known as an adversary-in-the-middle attack, which abuses the moment a browser connects to public Wi-Fi and is sent to a captive-portal login screen. From there, the targeted individuals were said to be redirected to download a fake installer called STATICPLUGIN, which carried a valid digital certificate to make it look authentic. Once it was installed, a hidden tool called SOGU.SEC was said to be loaded and run in the computer's memory, making it hard to discover. The malware was then used to remotely control the compromised system, steal files, and even execute commands covertly.
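The chain described above leaves a recognisable trace in web-proxy logs: a captive-portal connectivity probe that answers with a redirect, followed shortly afterwards by an executable download for the same client, often from the portal's own host. The following script is an added example written for this article, not code from Google or from the report; the log format, the field names and every host and file name in the sample data are constructed for illustration and are not indicators from the campaign. It flags that sequence so a defender can review it rather than trust the "update" prompt.

```python
"""Flag a captive-portal redirect followed by an executable download in proxy logs.

Added example (not from the article or Google's report). The log format below is
an assumption; adapt parse_line() to your proxy's actual schema.
"""
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample log lines (no real indicators). Assumed format:
# <ISO timestamp> <client_ip> <method> <url> <status> <content_type> <redirect_location_or_->
SAMPLE_LOG = """\
2024-01-01T09:00:00Z 10.0.0.5 GET http://www.msftconnecttest.com/connecttest.txt 302 text/html http://portal.wifi.invalid/login
2024-01-01T09:00:02Z 10.0.0.5 GET http://portal.wifi.invalid/login 200 text/html -
2024-01-01T09:00:40Z 10.0.0.5 GET http://portal.wifi.invalid/files/plugin-update.exe 200 application/octet-stream -
2024-01-01T09:05:00Z 10.0.0.7 GET http://www.msftconnecttest.com/connecttest.txt 200 text/plain -
2024-01-01T09:06:00Z 10.0.0.7 GET https://downloads.example.invalid/tool.msi 200 application/octet-stream -
"""

# Paths used by common OS connectivity checks; a redirect here means a portal is interposed.
CAPTIVE_PROBE_PATHS = ("/connecttest.txt", "/generate_204", "/hotspot-detect.html", "/ncsi.txt")
EXECUTABLE_EXT = (".exe", ".msi", ".dll", ".zip")
EXECUTABLE_TYPES = ("application/octet-stream", "application/x-msdownload", "application/x-msi")
DEFAULT_WINDOW = timedelta(minutes=10)  # how soon after the redirect a download is suspicious

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+) (\S+)$")


def parse_line(line):
    """Parse one assumed-format log line into a dict, or return None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, method, url, status, ctype, location = m.groups()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "client": client,
        "method": method,
        "url": url,
        "status": int(status),
        "ctype": ctype,
        "location": location,
    }


def is_captive_probe(url):
    return urlparse(url).path in CAPTIVE_PROBE_PATHS


def is_executable_download(rec):
    path = urlparse(rec["url"]).path.lower()
    return rec["status"] == 200 and (path.endswith(EXECUTABLE_EXT) or rec["ctype"] in EXECUTABLE_TYPES)


def find_portal_download_chains(log_text, window=DEFAULT_WINDOW):
    """Return findings for clients whose captive-portal probe was redirected and who
    then fetched an executable within `window`. A download from the same host as the
    portal is marked higher severity, since a legitimate portal should not serve installers."""
    last_redirect = {}  # client_ip -> (timestamp, redirect location)
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if is_captive_probe(rec["url"]) and 300 <= rec["status"] < 400:
            last_redirect[rec["client"]] = (rec["ts"], rec["location"])
            continue
        if is_executable_download(rec):
            hit = last_redirect.get(rec["client"])
            if hit and rec["ts"] - hit[0] <= window:
                portal_host = urlparse(hit[1]).hostname
                download_host = urlparse(rec["url"]).hostname
                findings.append({
                    "client": rec["client"],
                    "url": rec["url"],
                    "portal": hit[1],
                    "seconds_after_redirect": int((rec["ts"] - hit[0]).total_seconds()),
                    "severity": "high" if portal_host == download_host else "medium",
                })
    return findings


if __name__ == "__main__":
    for f in find_portal_download_chains(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['client']} fetched {f['url']} "
              f"{f['seconds_after_redirect']}s after portal redirect to {f['portal']}")
```

In the constructed sample, only the first client is flagged: its probe was redirected and it pulled a `.exe` from the portal host forty seconds later. The second client's probe returned normally, so its later `.msi` download is not tied to a portal and is left alone; that distinction is what keeps the rule from firing on every software download over public Wi-Fi.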

Google has been taking proactive action to halt these malicious campaigns and has since blocked such domains, revoked the compromised certificates, and even notified some of the users that have been affected. These revelations do not come as a surprise, given that diplomats tend to be a prime target for cyberattacks for both negotiations and gathering intelligence, but they do highlight how resourceful these threat actors are becoming.

While China has consistently denied being behind any of the claimed state-sponsored hacking attempts, these types of alleged attacks appear to be on the rise. It has not been long since Singapore warned about a China-linked group, UNC3886, targeting its critical infrastructure, and now Google is said to be reporting similar hacking attempts. These incidents underline the need for Southeast Asian states to prioritize cybersecurity enhancement and to collaborate with tech giants such as Google to uncover hidden digital operations.
