Google Threat Intelligence Group (GTIG) uncovered a sophisticated cyber-espionage campaign by PRC-linked threat actor UNC6384 targeting diplomats and global entities. The campaign utilized hijacked captive portals, malware disguised as Adobe updates, and advanced obfuscation techniques to evade detection. #UNC6384 #SOGU.SEC
Key points
- UNC6384 hijacked captive portals to redirect targeted victims to a malware download.
- The malware was disguised as a legitimate Adobe plugin update with a valid TLS certificate.
- The attack involved multi-layered delivery, including a downloader, MSI package, and in-memory backdoor deployment.
- Advanced obfuscation techniques allowed the malware to evade detection and blend in with normal web traffic.
- The campaign is linked to PRC-based threat actors with a history of targeting government sectors in Southeast Asia.
Read More: https://securityonline.info/google-threat-intelligence-exposes-unc6384s-stealthy-espionage-campaign/