[TAIPEI] Diplomats in South-east Asia were targeted in a cyber-espionage campaign earlier this year, likely waged in support of operations aligned with the strategic interests of China, according to Google.
The attacks, using social engineering and malware disguised as innocuous software updates, are attributed to the China-linked UNC6384 group, Alphabet’s Google Threat Intelligence Group said on Monday (Aug 25), citing technical evidence. The “UNC” term applies to hacking activity that is linked but not yet categorised under another group.
About two dozen victims downloaded malware, according to Patrick Whitsell, a senior security engineer at Google. While Google did not specify the nationalities of the affected diplomats, Whitsell told Bloomberg News in an interview that he has high confidence that the attacker is “China-aligned”. Those people can be either inside the government or outside contractors, he added.
A spokesperson for China’s Ministry of Foreign Affairs said that they were not aware of this specific situation, adding that the company behind the report had previously spread false information linking the country to cyberattacks.
The report, detailing Google findings from March, adds to tension between the US and China along cybersecurity lines. Microsoft warned last month that Chinese state-sponsored hackers were exploiting flaws in its software to break into institutions globally, while the government in Beijing this month alleged US spies were launching cyberattacks on Chinese military companies via another Microsoft vulnerability. China also recently questioned the security of Nvidia’s designed-for-China H20 AI chips.
Google said that hackers had breached targets’ Wi-Fi networks, and then abused that access to dupe diplomats into downloading malware disguised as Adobe plug-in software. The malware, called SOGU.SEC, was then installed in the memory of the device to avoid detection, explained Whitsell.
“I would assume diplomats have pretty sensitive documents on their laptops that they are using for their day-to-day work. And yeah, once you are on that device, you can get those documents,” said Whitsell, adding that he was not able to see how much data was sent out or lost. BLOOMBERG