Date: 2025-08-27

Diplomats in Southeast Asia were targeted in a cyber-espionage campaign earlier this year, likely waged in support of operations aligned with the strategic interests of China, according to Google.

The attacks, using social engineering and malware disguised as innocuous software updates, are attributed to the China-linked UNC6384 group, Alphabet Inc.'s Google Threat Intelligence Group said on Monday, citing technical evidence. The "UNC" term applies to hacking activity that is linked but not yet categorized under another group.

About two dozen victims downloaded malware, according to Patrick Whitsell, a senior security engineer at Google. While Google did not specify the nationalities of the affected diplomats, Whitsell told Bloomberg News in an interview that he has high confidence that the attacker is "China-aligned." Such actors can be either inside the government or outside contractors, he added.

A spokesperson for China's Ministry of Foreign Affairs said they were not aware of this specific situation, adding that the company behind the report had previously spread false information linking the country to cyberattacks.

The report, detailing Google findings from March, adds to tension between the US and China along cybersecurity lines. Microsoft Corp. warned last month that Chinese state-sponsored hackers were exploiting flaws in its software to break into institutions globally, while the government in Beijing this month alleged US spies were launching cyberattacks on Chinese military companies via another Microsoft vulnerability. China also recently questioned the security of Nvidia Corp.'s designed-for-China H20 AI chips.

Google said hackers had breached targets' Wi-Fi networks, and then abused that access to dupe diplomats into downloading malware disguised as Adobe Inc. plug-in software. The malware, called SOGU.SEC, was then installed in the memory of the device to avoid detection, explained Whitsell.

"I would assume diplomats have pretty sensitive documents on their laptops that they're using for their day-to-day work. And yeah, once you're on that device, you can get those documents," said Whitsell, adding that he wasn't able to see how much data was sent out or lost.

