China-Linked Hackers Hit Southeast Asia Diplomats, Google Says
A disturbing trend in cybersecurity has emerged, with diplomatic officials in Southeast Asia being targeted by hackers linked to China, according to a report by Alphabet Inc.'s Google Threat Intelligence Group. The attacks, which began earlier this year, were attributed to the UNC6384 group, a China-linked hacking organization.
The UNC designation refers to a cluster of hacking activity that Google tracks but has not yet categorized under a named group. According to Patrick Whitsell, a senior security engineer at Google, about two dozen victims downloaded malware as part of the campaign. While Google did not specify the nationalities of the affected diplomats, Whitsell expressed high confidence that the attacker was "China-aligned."
"Those people can be either inside the government or outside contractors," Whitsell added in an interview with Bloomberg News. The report, detailing Google's findings from March, adds to the growing tension between the US and China along cybersecurity lines.
Microsoft Warns of Chinese State-Sponsored Hackers
Microsoft Corp. recently warned that Chinese state-sponsored hackers were exploiting flaws in its software to break into institutions globally. This comes as part of a broader trend of cyberattacks against Western targets, which have been attributed to the Chinese government.
US Alleges Chinese Cyberattacks on US Military Companies
The US government has also alleged that Chinese hackers were launching cyberattacks on US military companies via another Microsoft vulnerability. This move is seen as an escalation of the ongoing cyber rivalry between the two nations.
China Questions Security of Nvidia AI Chips
China's Ministry of Foreign Affairs recently questioned the security of Nvidia Corp.'s designed-for-China H20 AI chips, citing concerns about their vulnerabilities to cyberattacks. This development adds another layer to the complex web of cybersecurity tensions between China and the US.
The Attack Methodology
According to Google's report, the hackers first breached the targets' Wi-Fi networks and then abused that access to dupe diplomats into downloading malware disguised as Adobe Inc. plug-in software. The malware, called SOGU.SEC, was then loaded directly into the device's memory rather than written to disk, in order to evade detection.
"I would assume diplomats have pretty sensitive documents on their laptops that they're using for their day-to-day work. And yeah, once you're on that device, you can get those documents," Whitsell explained. "I wasn't able to see how much data was sent out or lost."