China-Linked Espionage Campaign Hijacks Web Traffic to Target Diplomats

Google’s Threat Intelligence Group uncovered a cyber espionage campaign by the China-linked threat actor UNC6384 using fake captive portals and advanced tactics to target Southeast Asian diplomats. The campaign involved digitally signed malware and stealthy techniques to avoid detection, highlighting the geopolitical priorities of nation-state cyber activities. #UNC6384 #PlugX #SoutheastAsia #ChinaSpyware

Key points

  • UNC6384 uses fake captive portals mimicking VPN and update pages to deceive targets.
  • The malware is digitally signed to bypass endpoint security measures.
  • Adversary-in-the-middle techniques are employed to hide malicious traffic.
  • Diplomats and foreign service workers in Southeast Asia are primary targets.
  • The campaign reflects geopolitical motives, focusing on strategic intelligence gathering.

Read More: https://thecyberexpress.com/china-espionage-campaign-targets-diplomats/