Google Reports China-Linked Cyberattacks Targeting Southeast Asian Diplomats

By Faith Barbara N Ruhinda at 1241 EAT on Tuesday 26 August 2025

Diplomats in Southeast Asia were among global targets of a China-linked cyber espionage campaign earlier this year, Google announced Tuesday. The tech giant’s Threat Intelligence Group said the operation was “likely aligned with the strategic interests” of the Chinese government.

According to a detailed blog post, the campaign in March involved hijacking web traffic, downloading malware onto victims’ devices, and ultimately deploying a backdoor to maintain long-term access.

Google confirmed it sent alerts to all users affected by the campaign. However, the company did not disclose the full scope of the attack or specify which Southeast Asian countries were targeted. CNN has reached out to Google for further information.

When asked about Google’s recent findings on Tuesday, a spokesperson for China’s foreign ministry said it was unaware of the specific incident. The spokesperson also accused Google of spreading “false information about so-called ‘Chinese hacker attacks’ more than once.”

For years, US officials from both Republican and Democratic administrations have grappled with the scale and sophistication of China’s cyber operations. The FBI has described China’s hacking program as larger than those of all other foreign governments combined.

Several high-profile cyberattacks attributed to China have been publicly highlighted by the US government in recent years, including at least two major breaches reported this year alone.

Meanwhile, technology companies are increasingly transparent in publicly identifying and attributing state-sponsored or state-aligned cyber campaigns, reflecting a broader effort to raise awareness and counteract such threats.

Google’s revelations come on the heels of recent reports from Microsoft about hacking attempts involving Chinese state-linked actors. Last month, Microsoft disclosed that vulnerabilities in its SharePoint servers—its online collaborative platform—had been exploited by these actors.

The incident prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue a warning, stating it had alerted “critical infrastructure organizations impacted” by the breach, given that many U.S. government agencies and private companies rely on Microsoft’s services.

Beijing has denied any involvement in the Microsoft hacking incidents.

Google has attributed the latest cyber espionage campaign to a China-linked group known as UNC6384, which it says is associated with the broader threat actor Mustang Panda—also referred to as TEMP.Hex.

“UNC6384 and TEMP.Hex are both observed to target government sectors, primarily in Southeast Asia, in alignment with PRC strategic interests,” Google wrote in a blog post, using the acronym for the People’s Republic of China.

The tech giant described the campaign as “a clear example of the continued evolution of UNC6384’s operational capabilities” and said it underscores “the sophistication of PRC-nexus threat actors.”

The malware used in the operation, dubbed SOGU.SEC, was described as “a sophisticated and heavily obfuscated malware backdoor with a wide range of capabilities.” Google noted that this tool is commonly deployed by UNC6384 in cyber espionage campaigns to gain persistent access to targeted networks.
