Silk Typhoon hackers hijack network captive portals in diplomat attacks

State-sponsored hackers linked to the Silk Typhoon activity used advanced traffic hijacking techniques to target diplomats and deliver malware. The campaign involved sophisticated impersonation and malware distribution tied to Chinese threat actor TEMP.Hex, also known as Mustang Panda. #SilkTyphoon #MustangPanda

Key points

  • The attackers hijacked web traffic by compromising an edge device on the target network.
  • The attack abused Chrome's captive portal connectivity check to redirect victims to a malicious landing page.
  • The campaign relied on convincing victims to download a signed Adobe plugin update that contained hidden malware.
  • The malware payload included SOGU.SEC, a PlugX variant capable of remote command execution and system information collection.
  • Google has blocked the malicious domains, shared detection rules, and alerted affected users.
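
A defender can spot this kind of hijack at the proxy or egress log, because a healthy captive portal probe has a fixed expected answer (Chrome and Android fetch the gstatic generate_204 URL and require an empty HTTP 204; Windows and Apple use the other well-known endpoints below) and any redirect or 200 page in its place means something on the path is interposing. The following is an added example, not code from the original article or from Google's published detection rules; the log layout, the constructed log lines and the `.example` redirect target are assumptions for illustration.

```python
"""Flag captive-portal connectivity probes whose response was tampered with."""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Well-known connectivity probes and the status each client expects back.
# Chrome/Android require an empty 204 from generate_204; Windows and Apple
# expect a 200 with a fixed body. Extend this map for your own fleet.
PROBE_EXPECTED_STATUS = {
    ("www.gstatic.com", "/generate_204"): 204,
    ("connectivitycheck.gstatic.com", "/generate_204"): 204,
    ("www.msftconnecttest.com", "/connecttest.txt"): 200,
    ("captive.apple.com", "/hotspot-detect.html"): 200,
}
REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# Hypothetical proxy log layout assumed here (space separated):
#   <timestamp> <client-ip> <method> <url> <status> <location-or-dash>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+"
    r"(?P<status>\d{3})\s+(?P<location>\S+)$"
)


@dataclass(frozen=True)
class Finding:
    ts: str
    client: str
    probe_url: str
    status: int
    redirect_host: Optional[str]  # set only when the probe was redirected
    reason: str


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into a dict, or None if it does not match the layout."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["location"] = None if entry["location"] == "-" else entry["location"]
    return entry


def check_probe(entry: dict) -> Optional[Finding]:
    """Return a Finding if this entry is a known connectivity probe whose
    response deviates from what the client expects, else None."""
    u = urlparse(entry["url"])
    expected = PROBE_EXPECTED_STATUS.get((u.hostname, u.path))
    if expected is None:
        return None  # not a captive-portal probe; ordinary traffic
    status = entry["status"]
    if status == expected:
        return None  # the probe got the answer the client requires
    redirect_host = None
    if status in REDIRECT_STATUSES and entry["location"]:
        # A redirected probe is exactly how a portal (or a hijacker) interposes.
        redirect_host = urlparse(entry["location"]).hostname
        reason = f"probe redirected to {redirect_host}"
    else:
        reason = f"probe answered {status}, expected {expected}"
    return Finding(entry["ts"], entry["client"], entry["url"], status,
                   redirect_host, reason)


def scan(lines) -> list:
    """Run every parseable line through check_probe and collect the findings."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # skip malformed lines rather than abort the scan
        finding = check_probe(entry)
        if finding is not None:
            findings.append(finding)
    return findings


def clients_affected(findings) -> list:
    """Distinct client addresses whose probe was tampered with, for triage."""
    return sorted({f.client for f in findings})


# Constructed sample log lines (not real traffic); the redirect target is a
# placeholder under the reserved .example TLD.
SAMPLE_LOG = [
    "2024-05-01T08:00:01Z 10.0.0.5 GET http://www.gstatic.com/generate_204 204 -",
    "2024-05-01T08:00:02Z 10.0.0.7 GET http://www.gstatic.com/generate_204 302 "
    "http://portal-update.example/adobe/plugin",
    "2024-05-01T08:00:03Z 10.0.0.9 GET http://www.msftconnecttest.com/connecttest.txt 200 -",
    "2024-05-01T08:00:04Z 10.0.0.7 GET http://www.example.com/index.html 302 http://www.example.com/home",
    "2024-05-01T08:00:05Z 10.0.0.11 GET http://connectivitycheck.gstatic.com/generate_204 200 -",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.client} {f.probe_url}: {f.reason}")
```

Only probe requests are examined, so an ordinary site redirect (the example.com line) is ignored, while both a redirected probe and a probe answered with a 200 page instead of an empty 204 are reported. In a real deployment, correlate the redirect host against the domains Google has blocked and treat any client on the affected list as a candidate for the signed-plugin lure.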

Read More: https://www.bleepingcomputer.com/news/security/silk-typhoon-hackers-hijack-network-captive-portals-in-diplomat-attacks/