China-Linked APT Group Unveiled in Sophisticated Global Diplomat Attack
A sophisticated cyber attack targeting diplomats worldwide, including those in Southeast Asia, has been uncovered. The China-linked APT group UNC6384 exploited legitimate Windows features and digitally signed binaries to evade detection, according to Google's Threat Intelligence Group (GTIG).
The campaign, which took place in March 2025, involved the group hijacking web traffic to deliver malware. UNC6384 employed advanced evasion techniques such as API hashing and indirect code execution, demonstrating the sophistication of Chinese threat actors.
Attackers disguised the malware as an Adobe Plugin update, tricking targets into downloading it. The malware then used a multi-stage chain to evade defenses and remain stealthy on infected systems. GTIG has published indicators of compromise (IoCs) and YARA rules to help detect the malware.
The UNC6384 campaign highlights the growing threat of state-sponsored cyber attacks. Linked to the Chinese threat actor TEMP.Hex, also known as Mustang Panda, the group's use of stealthy tactics and advanced adversary-in-the-middle (AitM) techniques underscores the need for robust cybersecurity measures.