A China-linked cyberespionage group, UNC6384, has been running multi-stage attacks to infect targets with the PlugX backdoor, combining social engineering with adversary-in-the-middle (AitM) traffic redirection. The attacks involve compromised edge devices, fake software updates, and code-signing certificates used to make malicious files look legitimate, evade detection and maintain stealth. #UNC6384 #MustangPanda
Key points
- The group hijacks web traffic at the captive-portal stage, redirecting victims to attacker-controlled pages that deliver malware disguised as a software update.
- They use digital certificates issued to Chengdu Nuoxin Times Technology Co., Ltd. to sign malicious files.
- Attackers combine social engineering with network redirection, including adversary-in-the-middle (AitM) attacks on the victim's traffic.
- The campaign uses a multi-stage deployment that ends with the PlugX backdoor loaded in memory.
- These tactics enable data theft and remote command execution while evading traditional endpoint security defenses.
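Two defender-side checks for the tradecraft summarised above, as an added example that is not code from the SecurityWeek article or from the reported campaign: the first classifies the response to a captive-portal connectivity check (a redirect to a download is what a hijacked portal looks like, a redirect to a login page is ordinary hotspot behaviour), the second scans constructed EDR-style records for files signed under the Chengdu Nuoxin Times Technology Co., Ltd. subject. The probe URL, the expected HTTP 204 response, the sample redirects and the telemetry schema are all assumptions.

```python
# Added example, not from the article or the campaign. The probe URL, the
# expected 204 response, the sample redirects and the event schema are assumptions.
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Assumption: the client's connectivity check expects HTTP 204 with an empty body,
# the convention most OS and browser captive-portal detectors follow.
EXPECTED_STATUS = 204
EXECUTABLE_SUFFIXES = (".exe", ".msi", ".dll", ".zip", ".js", ".hta")
# Signer subject reported for the campaign, normalised for case-insensitive matching.
SUSPICIOUS_SIGNERS = ("chengdu nuoxin times technology co., ltd.",)


@dataclass
class ProbeResult:
    """Response observed for one captive-portal connectivity check."""
    probe_url: str
    status: int
    headers: dict = field(default_factory=dict)
    body: bytes = b""


def classify_probe(result: ProbeResult) -> str:
    """Classify a connectivity-check response.

    'clean'              : expected 204 with empty body, nothing on the path interfered
    'captive-portal'     : redirected to a page that is not a download (ordinary hotspot)
    'suspicious-redirect': redirected straight to an executable or archive
    'anomalous'          : unexpected status or body without a redirect
    """
    if result.status == EXPECTED_STATUS and not result.body:
        return "clean"
    location = result.headers.get("Location", "")
    if 300 <= result.status < 400 and location:
        if urlparse(location).path.lower().endswith(EXECUTABLE_SUFFIXES):
            return "suspicious-redirect"
        return "captive-portal"
    # A 200 with a body where 204 was expected means something answered in place
    # of the real server: a portal without a redirect, or an AitM injection.
    return "anomalous"


def flag_suspicious_signers(events):
    """Return the paths of files whose signer subject contains a watch-listed organisation.

    events: iterable of dicts with 'path' and 'signer_subject' keys
    (constructed EDR-style records; the schema is an assumption).
    """
    flagged = []
    for ev in events:
        subject = " ".join(ev.get("signer_subject", "").split()).lower()
        if any(s in subject for s in SUSPICIOUS_SIGNERS):
            flagged.append(ev["path"])
    return flagged


# Constructed sample observations (not captured data).
PROBE_URL = "http://connectivity-check.example/generate_204"
SAMPLE_PROBES = {
    "clean": ProbeResult(PROBE_URL, 204),
    "hotspot": ProbeResult(PROBE_URL, 302, {"Location": "https://wifi.example/login"}),
    "hijacked": ProbeResult(PROBE_URL, 302, {"Location": "http://update.example/plugin_update.exe"}),
    "injected": ProbeResult(PROBE_URL, 200, {"Content-Type": "text/html"}, b"<html>Update required</html>"),
}
SAMPLE_EVENTS = [
    {"path": r"C:\Users\a\Downloads\plugin_update.exe",
     "signer_subject": "CN=Chengdu Nuoxin Times Technology Co., Ltd., O=Chengdu Nuoxin Times Technology Co., Ltd., C=CN"},
    {"path": r"C:\Program Files\Example\tool.exe",
     "signer_subject": "CN=Example Software Vendor, O=Example Software Vendor, C=US"},
]

if __name__ == "__main__":
    for name, probe in SAMPLE_PROBES.items():
        print(f"{name:9s} -> {classify_probe(probe)}")
    print("flagged:", flag_suspicious_signers(SAMPLE_EVENTS))
```

Treat both results as triage signals rather than proof. A redirect to a login page is exactly what a legitimate hotspot does, and a lure page that only offers the download after a click will classify as "captive-portal" here, so the probe check should be paired with inspection of what the redirected page actually serves. The signer check is a watch-list match on a subject string; a revoked or newly observed certificate would need the chain and revocation status verified as well.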
Read More: https://www.securityweek.com/china-linked-hackers-hijack-web-traffic-to-deliver-backdoor/