Crime & Investigations - August 26, 2025

Google Exposes China-Linked Cyber Espionage Campaign Targeting Diplomats in Southeast Asia

In a recent disclosure, Google’s Threat Analysis Group identified a China-linked cyber espionage group that targeted diplomats across Southeast Asia. The group, suspected of operating in support of the strategic interests of the Chinese government, was responsible for a campaign in March that hijacked web traffic, downloaded malware, and ultimately deployed a backdoor.

According to Google’s Tuesday blog post, the campaign involved malware known as SOGU.SEC, a sophisticated and highly obfuscated backdoor capable of a wide range of functions. The group responsible for this campaign has been identified as UNC6384, which is associated with the China-linked threat actor Mustang Panda, also known as TEMP.Hex.

Google noted that UNC6384 and TEMP.Hex primarily target government sectors, particularly in Southeast Asia, aligning with the strategic interests of the People’s Republic of China (PRC). The company highlighted this campaign as a demonstration of UNC6384’s operational advancements and the sophistication of PRC-linked cyber threat actors.

Google has taken measures to alert all users affected by this campaign, but details regarding the extent of impact and the specific Southeast Asian countries targeted were not disclosed in the blog post.

When asked about Google’s findings on Tuesday, a spokesperson for China’s foreign ministry claimed ignorance of the situation while accusing Google of spreading false information about so-called ‘Chinese hacker attacks’ on multiple occasions.

For years, US officials have grappled with China’s formidable cyber capabilities. The FBI has stated that China operates the largest hacking program among all foreign governments combined. Numerous recent hacks have been reported by the US government, including several significant incidents this year.

Recently, tech companies have become more forthcoming in publicly acknowledging state-sponsored or state-aligned hacking campaigns. Google’s disclosure follows Microsoft’s reports of hacking attempts by Chinese state-linked actors, including an incident last month in which vulnerabilities in Microsoft’s SharePoint servers were exploited by Chinese state actors.

The US government’s Cybersecurity and Infrastructure Security Agency issued a notice following that incident, alerting the critical infrastructure organizations that had been affected, since many US government agencies and companies use Microsoft’s services. Beijing has previously denied any involvement in the hacking of Microsoft.