China-linked hackers target Southeast Asian diplomats, global entities in cyber espionage campaign
By ANI | Updated: August 27, 2025 16:40 IST
Washington DC [US], August 27: A hacking group with ties to China targeted diplomats in Southeast Asia and various global entities earlier in the year, as reported by The Epoch Times (TET), citing information from Google.
The attack, which Google identified in March, was deemed "likely in support of cyber espionage operations that align with the strategic interests of the People's Republic of China (PRC)," according to a blog post from Google's threat intelligence group on August 25.
The hackers used strategies such as captive portal hijacking to distribute malware disguised as legitimate software or plugin updates, which ultimately enabled them to implant a backdoor into the systems of their targets, as referenced in the TET report.
Google stated that it had notified all Gmail and Workspace users who were affected by this hacking incident, although the full scope of victims remained undisclosed. The campaign was linked to a group of hackers referred to as UNC6384, which cyber researchers believe is connected to another China-affiliated cyberespionage group known as TEMP.Hex or Mustang Panda.
"UNC6384 and TEMP.Hex are both known to focus on government sectors, especially in Southeast Asia, in line with PRC strategic goals," noted the company in the post. U.S. investigators have recognised Mustang Panda as a state-sponsored hacker group based in China, responsible for infiltrating computers worldwide to obtain data through malware, according to the TET report.
In January, the Justice Department announced that it had successfully removed the malware, a variant of PlugX, from over 4,200 computers in the country. In a court filing in a federal court in Pennsylvania, authorities claimed that the Chinese regime had financed the group to create and implement the malware as part of broader cyber espionage initiatives.
The FBI's investigation, which spanned several years, revealed that the Mustang Panda group had targeted Western governments and nonprofits in the U.S. and other nations, based on the court records.
Notable targets identified by the FBI included European shipping firms, worldwide Chinese dissident organisations, and "governments across the Indo-Pacific", including Taiwan, Hong Kong, Japan, South Korea, Mongolia, India, Myanmar, Indonesia, the Philippines, Thailand, Vietnam, and Pakistan, as reported by TET.
The announcement from Google comes amid increased scrutiny regarding cyberespionage activities backed and executed by the Chinese Communist Party (CCP). In July, Microsoft disclosed that two Chinese state-sponsored hacking groups participated in a malicious campaign that exploited weaknesses in its SharePoint collaboration software, according to TET.
One of these groups, called Linen Typhoon, was accused of stealing intellectual property, while another, known as Violet Typhoon, focused on espionage, targeting information from former government officials, military personnel, and organisations involved in human rights, finance, and health sectors globally, as stated by Microsoft.
Jeff Hoffmann, a senior cyber fellow at The Gold Institute for International Strategy, remarked that these cyber espionage efforts signify that the CCP is "actively seeking to explore potential vulnerabilities and to demonstrate that it has a presence," as emphasised in the TET report.
Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor