Google has reported that a group of hackers linked to China carried out a cyber-espionage campaign earlier this year, targeting diplomats in Southeast Asia.
According to the company’s Threat Intelligence Group, the attacks combined social engineering with malware disguised as routine software updates. Google tracks the activity as UNC6384; the “UNC” prefix denotes an uncategorised cluster of related intrusions that has not yet been attributed to a named threat group.
Patrick Whitsell, a senior security engineer at Google, said that about two dozen people were tricked into downloading the malicious software. He told Bloomberg News that there is “high confidence” the attackers were aligned with Chinese interests, though he noted they could be either government-backed or outside contractors. Google did not name the countries whose diplomats were affected.
The attackers are said to have first compromised Wi-Fi networks used by their targets, giving them a position from which to tamper with the victims’ web traffic. From there they persuaded diplomats to install malware posing as an Adobe plug-in update. Once the fake update ran, a backdoor tracked as SOGU.SEC was loaded directly into memory rather than written to disk, leaving fewer traces for file-based security tools to detect. Whitsell said this level of access could have allowed the attackers to collect sensitive documents, although he could not confirm how much data, if any, was taken.
According to a CNN report, a spokesperson for China’s Ministry of Foreign Affairs said the ministry was unaware of this particular incident and accused the company behind the report of having previously spread false claims about Chinese involvement in cyberattacks.
The findings, published by Google on Tuesday, add to the growing tension between Washington and Beijing over cybersecurity. In July, Microsoft warned that Chinese state-backed hackers were exploiting flaws in its software to break into institutions worldwide. Soon after, China accused the US of carrying out cyberattacks of its own against Chinese defence companies, also by way of Microsoft products.
