#unc6384 — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #unc6384, aggregated by home.social.
-
China-linked UNC6384 group targets European diplomats via spear-phishing & PlugX malware.
Attack exploited Windows flaw ZDI-CAN-25373.
Full story 👉 https://www.technadu.com/china-linked-hacking-group-targets-european-diplomatic-entities-in-espionage-campaign/612350/
-
China-Linked Hackers Hijack Web Traffic to Deliver Backdoor https://www.securityweek.com/china-linked-hackers-hijack-web-traffic-to-deliver-backdoor/ #Malware&Threats #UNC6384 #China #PlugX
-
Google’s report on #UNC6384 lists this certificate as being used in C2 comms by Sogu (#PlugX variant):
eca96bd74fb6b22848751e254b6dc9b8e2721f96
Here’s an @anyrun_app execution, of AdobePlugins.exe on May 19, which runs CANONSTAGER as well as SOGU.SEC:
https://app.any.run/tasks/ce2745eb-edac-4e62-b5a9-5d9515b88bc4
It connects to the C2 server on 166.88.2[.]90, which actually provides a different certificate.
🔥 50f990235d7492431f57953cec14a478fb662c8d
🔥 SAN: *.crossfitolathe.com