• Google warns of Chinese state actor hack in real-time following a

    From TechnologyDaily@1337:1/100 to All on Wednesday, August 27, 2025 18:15:09
    Google warns of Chinese state actor hack in real-time following alerts

    Date:
    Wed, 27 Aug 2025 16:57:00 +0000

    Description:
    UNC6384 is targeting diplomats in Southeast Asia and elsewhere with backdoors and other malware.

    FULL STORY ======================================================================Google warns of ongoing captive portal hijack attacks Captive portals were being abused to redirect people to fake Adobe update sites The "updates" deployed different malware and backdoors

    Google has issued a warning about a Chinese state-sponsored hacking attack targeting users in real-time.

    The companys cybersecurity arm, the Google Threat Intelligence Group (GTIG), published a new blog outlining how it saw evidence of a captive portal hijack being used to deliver malware disguised as an Adobe Plugin update to targeted entities.

    Apparently, this campaign is the work of a group known as UNC6384, a Chinese state-sponsored actor, possibly tied to Silk Typhoon , a group known for cyber-espionage campaigns against government, critical infrastructure, and telco organizations in the West. The campaign, according to Google, targeted diplomats in Southeast Asia, as well as other entities around the world. Fake security updates

    A captive portal is essentially a login page. It usually pops up on public networks, such as on airports, or in coffee shops - right after connecting to the network, but before gaining access to the public internet. Sometimes it asks users to register an account, and sometimes viewing an ad and clicking connect is enough to be granted access.

    Now, Google claims the Chinese compromised edge devices on those target networks (routers, firewalls , VPN gateways, and the such), and then used the instances to hijack the portals and redirect visitors to a malicious landing page.

    Visitors are then prompted to download a security update for Adobe which is, in fact, malware . The initial payload, an MSI package, installs stage-two malware including CANONSTAGER and SOGU.SEC. The latter is a backdoor that connects to the attacker-controlled C2 server and grants unabated access to the target computer.

    Google first observed this attack in March this year and sent out alerts to Gmail and Workspace users.

    Whenever China is accused of engaging in cyber-warfare against its
    adversaries in the West, it denies any involvement and repeats its stance
    that the US is the biggest cyber-bully right now. You might also like Microsoft says Chinese Silk Typhoon hackers are targeting cloud and IT apps
    to steal business data Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/google-warns-of-chinese-state-actor-hac k-in-real-time-following-alerts


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)