Subj : Chinese state attack targ
To   : All
From : Mike Powell
Date : Thu Aug 28 2025 09:19 am

Google warns of Chinese state actor hack in real-time following alerts

Date:
Wed, 27 Aug 2025 16:57:00 +0000

Description:
UNC6384 is targeting diplomats in Southeast Asia and elsewhere with backdoors
and other malware.

FULL STORY

Google has issued a warning about a Chinese state-sponsored hacking attack
targeting users in real-time.

The companys cybersecurity arm, the Google Threat Intelligence Group (GTIG),
published a new blog outlining how it saw evidence of a captive portal hijack
being used to deliver malware disguised as an Adobe Plugin update to targeted
entities.

Apparently, this campaign is the work of a group known as UNC6384, a Chinese
state-sponsored actor, possibly tied to Silk Typhoon , a group known for
cyber-espionage campaigns against government, critical infrastructure, and
telco organizations in the West. The campaign, according to Google, targeted
diplomats in Southeast Asia, as well as other entities around the world.

Fake security updates

A captive portal is essentially a login page. It usually pops up on public
networks, such as on airports, or in coffee shops - right after connecting to
the network, but before gaining access to the public internet. Sometimes it
asks users to register an account, and sometimes viewing an ad and clicking
connect is enough to be granted access.

Now, Google claims the Chinese compromised edge devices on those target
networks (routers, firewalls , VPN gateways, and the such), and then used the
instances to hijack the portals and redirect visitors to a malicious landing
page.

Visitors are then prompted to download a security update for Adobe which is,
in fact, malware . The initial payload, an MSI package, installs stage-two
malware including CANONSTAGER and SOGU.SEC. The latter is a backdoor that
connects to the attacker-controlled C2 server and grants unabated access to
the target computer.

Google first observed this attack in March this year and sent out alerts to
Gmail and Workspace users.

Whenever China is accused of engaging in cyber-warfare against its
adversaries in the West, it denies any involvement and repeats its stance
that the US is the biggest cyber-bully right now.

======================================================================
Link to news story:
https://www.techradar.com/pro/security/google-warns-of-chinese-state-actor-hac
k-in-real-time-following-alerts

$$
--- SBBSecho 3.28-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

You are viewing proxied material from cvs.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.