China-Linked Hackers Targeted Southeast Asian Diplomats, Google Says

Aug 27, 2025 - 09:55

Updated: 9 months ago

China-Linked Hackers Targeted Southeast Asian Diplomats, Google Says

A China-linked hacking group targeted diplomats in Southeast Asia and entities across the globe earlier this year, according to Google.

The attack, detected by Google in March, was “likely in support of cyber espionage operations aligned with the strategic interests of the People’s Republic of China (PRC),” Google’s threat intelligence group said in an Aug. 25 blog post.

Hackers employed tactics such as captive portal hijacking to deliver malware disguised as legitimate software or plugin updates, which ultimately allowed them to install a backdoor into their targets’ systems, according to the post.

Google said all Gmail and Workspace users impacted by this hacking campaign had been notified, though the full scope of the victims was not disclosed.

Google linked the campaign to a band of hackers known as UNC6384, who cyber researchers believed are associated with another China-linked cyberespionage group known as TEMP.Hex or Mustang Panda.

“UNC6384 and TEMP.Hex are both observed to target government sectors, primarily in Southeast Asia, in alignment with PRC strategic interests,” the company said in the post.

U.S. investigators have identified Mustang Panda as a China-based state-sponsored hacker group, responsible for the breach of computers worldwide to steal data via malware.

In January, the Justice Department said that it had successfully deleted the malware—a variant of PlugX—from more than 4,200 computers in the nation.

In a court document filed in federal court in Pennsylvania, authorities stated that the Chinese regime paid the group to develop and deploy the malware, as part of broader cyber espionage efforts.

The FBI’s years-long investigation found that the Mustang Panda group has victimized Western governments and nonprofits in the United States and elsewhere, according to the court record. Significant targets identified by the FBI include European shipping companies, Chinese dissident groups worldwide, and “governments throughout the Indo-Pacific,” including Taiwan, Hong Kong, Japan, South Korea, Mongolia, India, Burma (also known as Myanmar), Indonesia, the Philippines, Thailand, Vietnam, and Pakistan.

The revelation by Google comes amid growing scrutiny of the cyberespionage activities sponsored and deployed by the Chinese Communist Party (CCP).

In July, Microsoft reported that two Chinese state-sponsored hacking groups were involved in a malicious campaign that exploited vulnerabilities in its SharePoint collaboration software.

One group, called Linen Typhoon, was accused of pilfering intellectual property, while another, known as Violet Typhoon, was dedicated to espionage, targeting information from former government employees, military personnel, and organizations related to human rights, finance, and health sectors worldwide, according to Microsoft.

Jeff Hoffmann, senior cyber fellow at The Gold Institute for International Strategy, told The Epoch Times recently that these cyber espionage efforts indicate that the CCP is “really on the move in terms of exploring where there may be vulnerabilities and to show that [it has] a presence.”

“How is this different from nuclear weapons to show that they have deterrence?” he said.

Catherine Yang contributed to this report.