UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats

Updated on August 25, 2025

A China-nexus threat actor known as UNC6384 has been attributed to a set of attacks targeting diplomats in Southeast Asia and other entities across the globe to advance Beijing’s strategic interests.
“This multi-stage attack chain leverages advanced social engineering including valid code signing certificates, an adversary-in-the-middle (AitM) attack, and indirect execution techniques to evade…

Read the rest of the story at Read More

Source: The Hacker News

September 25, 2024 Uncategorized

Expert Tips on How to Spot a Phishing Li...

January 14, 2025 Uncategorized

Russian-Linked Hackers Target Kazakhstan...

January 22, 2025 Uncategorized

UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats

Related posts

Expert Tips on How to Spot a Phishing Li...

Russian-Linked Hackers Target Kazakhstan...

Oracle Releases January 2025 Patch to Ad...

Leave a Comment Cancel reply

Recent News

Citrix Patches Three NetScaler Flaws, Confirms Active Exploitation of CVE-2025-7775

New Sni5Gect Attack Crashes Phones and Downgrades 5G to 4G without Rogue Base Station

MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers

ShadowCaptcha Exploits WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners

HOOK Android Trojan Adds Ransomware Overlays, Expands to 107 Remote Commands

Google to Verify All Android Developers in 4 Countries to Block Malicious Apps

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

UNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats

Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3

Phishing Campaign Uses UpCrypter in Fake Voicemail Emails to Deliver RAT Payloads