Google has issued a warning over a China-linked cyber-espionage campaign that targeted diplomats in Southeast Asia earlier this year. The company’s Threat Intelligence Group attributed the attacks to a hacking group identified as UNC6384 and suggested the operation likely aligns with China’s strategic interests.
The attackers used social engineering tactics and malware disguised as legitimate software updates to compromise their targets. Patrick Whitsell, a senior security engineer at Google, confirmed that about two dozen individuals downloaded the malicious software. “I would assume diplomats have pretty sensitive documents on their laptops that they’re using for their day-to-day work. And yeah, once you’re on that device, you can get those documents,” he said in a statement to Bloomberg.
Whitsell expressed confidence that the hackers were “China-aligned,” adding that they may be either part of the government or contractors working externally. However, Google has not disclosed the nationalities of the affected diplomats. The company also clarified that the “UNC” prefix stands for “uncategorized”: a cluster of intrusion activity that Google tracks but has not yet attributed to a formally named threat group.
Malware designed to evade detection
According to Google’s findings, the hackers first gained access by compromising Wi-Fi networks used by their targets. They then tricked the diplomats into installing malware disguised as an Adobe plug-in update. The payload, a backdoor Google tracks as SOGU.SEC (SOGU is Mandiant’s name for the PlugX family), was loaded directly into memory rather than written to disk, a technique intended to evade file-based antivirus scanning and other traditional security controls.
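The in-memory loading described above is exactly what a defender hunts for on an endpoint: code that is executing but that no file on disk backs. The following Python script is an added example and is not from Google’s report or its detection tooling. It parses a Linux `/proc/<pid>/maps` listing and flags executable regions that are anonymous, backed by a deleted file (including `memfd` payloads), or writable and executable at once. The `SAMPLE_MAPS` text is a constructed listing, and the `min_size` threshold and the `BENIGN_ANON` allow-list are assumptions chosen for illustration.

```python
"""Heuristic hunt for executable memory that no file on disk backs.

Added example (not Google's detection logic). Reads /proc/<pid>/maps
lines and flags regions an in-memory-only payload tends to produce.
"""
import re
from dataclasses import dataclass

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

# Kernel pseudo-mappings that are legitimately executable without a backing file.
# Assumed allow-list; extend it for your own environment.
BENIGN_ANON = {"[vdso]", "[vsyscall]", "[vvar]"}


@dataclass
class Finding:
    start: int
    end: int
    perms: str
    path: str
    reason: str

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_maps(text: str):
    """Yield (start, end, perms, inode, path) for each well-formed maps line."""
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m:
            yield (int(m["start"], 16), int(m["end"], 16), m["perms"],
                   int(m["inode"]), m["path"].strip())


def suspicious_regions(maps_text: str, min_size: int = 4096):
    """Return executable regions that look like memory-resident code.

    min_size (assumed default: one page) drops tiny trampolines that
    legitimate loaders create, to cut noise.
    """
    findings = []
    for start, end, perms, inode, path in parse_maps(maps_text):
        if "x" not in perms or path in BENIGN_ANON:
            continue
        reason = None
        if inode == 0 and not path:
            # Executable pages with no file behind them: manually mapped payload
            reason = "anonymous executable mapping"
        elif path.endswith("(deleted)"):
            # File unlinked after mapping, or a memfd: nothing left to scan on disk
            reason = "executable backed by deleted file"
        elif "w" in perms:
            # RWX is rarely needed outside JIT engines; worth a look
            reason = "writable+executable mapping"
        if reason and end - start >= min_size:
            findings.append(Finding(start, end, perms, path, reason))
    return findings


def scan_process(pid: int):
    """Scan a live process on Linux (requires permission to read its maps)."""
    with open(f"/proc/{pid}/maps") as fh:
        return suspicious_regions(fh.read())


# Constructed sample: a clean binary, an anonymous RWX blob, a memfd payload,
# the vdso and the stack. Only the RWX blob and the memfd region should fire.
SAMPLE_MAPS = """\
55d3a0400000-55d3a0401000 r--p 00000000 fd:01 1312345 /usr/bin/sleep
55d3a0401000-55d3a0405000 r-xp 00001000 fd:01 1312345 /usr/bin/sleep
7f1c2c000000-7f1c2c021000 rw-p 00000000 00:00 0
7f1c2c200000-7f1c2c2a0000 rwxp 00000000 00:00 0
7f1c2c400000-7f1c2c420000 r-xp 00000000 00:05 98765 /memfd:payload (deleted)
7f1c2c800000-7f1c2c802000 r-xp 00000000 00:00 0 [vdso]
7ffd5a000000-7ffd5a021000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for f in suspicious_regions(SAMPLE_MAPS):
        print(f"{f.start:#x}-{f.end:#x} {f.perms} {f.size:>8} {f.reason} {f.path}")
```

Browsers, Java and .NET runtimes produce anonymous RWX regions legitimately, so treat hits as leads to triage (dump the region, check for a PE or ELF header, correlate with the parent process and the download that preceded it) rather than as verdicts. On Windows, where a diplomat’s laptop is more likely to live, the same heuristic is applied by walking a process with `VirtualQueryEx` and looking for committed `MEM_PRIVATE` regions with an executable protection.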
Whitsell noted that while Google could not determine the exact volume of data stolen, the level of access granted by the malware likely put sensitive diplomatic information at risk. “Once you’re on that device, you can get those documents,” he reiterated, underlining the severity of the attack.
Rising tensions over cybersecurity
The report, based on Google’s findings from March, underscores growing cybersecurity tensions between the United States and China. In July, Microsoft revealed that Chinese state-sponsored hackers were exploiting software vulnerabilities to infiltrate global institutions. Around the same time, Beijing accused US intelligence agencies of targeting Chinese military firms using a different Microsoft flaw.
China has also expressed concerns about the security of Nvidia’s China-specific H20 artificial intelligence chips, signalling deepening mistrust between the two nations over technological security.
This latest revelation highlights the increasingly sophisticated methods employed by state-backed hackers and the growing geopolitical risks associated with cybersecurity breaches targeting high-level diplomatic entities.