PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats

A sophisticated cyber espionage campaign attributed to the PRC-nexus threat actor UNC6384 targeted diplomats in Southeast Asia and other entities worldwide. The attack chain hijacked victims' web traffic through a captive portal redirect to deliver malware disguised as a software update. The multi-stage attack combined social engineering, adversary-in-the-middle (AitM) techniques, and evasion tactics. The final payload, the SOGU.SEC backdoor, was deployed through a digitally signed downloader (STATICPLUGIN) and a side-loaded DLL (CANONSTAGER). The campaign demonstrates the evolving capabilities of PRC-nexus threat actors, who used stealthy tactics to avoid detection and abused legitimate Windows features for malicious purposes. Author: AlienVault

Related Tags:
digital signatures
prc-nexus
SOGU.SEC
CANONSTAGER
STATICPLUGIN
in-memory execution
T1553.002 (Subvert Trust Controls: Code Signing)
T1218.011 (System Binary Proxy Execution: Rundll32)
T1132.001 (Data Encoding: Standard Encoding)
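The pulse gives three hash types and one domain but no tooling. The script below is an added example, not part of the pulse or of any vendor report: it hashes files once with MD5, SHA1 and SHA256 and checks every digest against the indicator set, and it scans log lines for the domain, matching the domain and its subdomains while ignoring look-alike names that merely contain the string (a common false positive in naive substring sweeps). The log lines are constructed samples in a dnsmasq-like format; the format and file paths are assumptions.

```python
"""IOC sweep for this pulse: multi-hash file matching plus domain matching
over log lines. Added example; the sample log lines and paths are assumptions."""
import hashlib
import re
import sys
from pathlib import Path

# Hashes copied from the pulse's "Associated Indicators", lowercased.
PULSE_HASHES = {
    "3299866538aff40ca85276f87dd0cefe4eafe167bd64732d67b06af4f3349916",
    "d1626c35ff69e7e5bde5eea9f9a242713421e59197f4b6d77b914ed46976b933",
    "65c42a7ea18162a92ee982eded91653a5358a7129c7672715ce8ddb6027ec124",
    "eca96bd74fb6b22848751e254b6dc9b8e2721f96",
    "95a89dff5e42614e30ba6aab6623133043f6f122",
    "9e82021ffd943c51b1a164832ea5a6d28b16dec7",
    "fa71d60e43da381ad656192a41e38724",
    "52f42a40d24e1d62d1ed29b28778fc45",
}
PULSE_DOMAINS = {"mediareleaseupdates.com"}

# Hex digest length identifies the algorithm.
HASH_ALGOS = {"md5": 32, "sha1": 40, "sha256": 64}


def classify_hash(digest: str):
    """Return the algorithm implied by a hex digest's length, or None."""
    d = digest.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", d):
        return None
    for name, length in HASH_ALGOS.items():
        if len(d) == length:
            return name
    return None


def hash_bytes(data: bytes) -> dict:
    """All three digests of an in-memory blob."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in HASH_ALGOS}


def hash_file(path: Path, chunk: int = 1 << 20) -> dict:
    """Stream the file once, feeding every hasher, so large files cost one read."""
    hashers = {name: getattr(hashlib, name)() for name in HASH_ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests: dict) -> set:
    """Names of the algorithms whose digest appears in the pulse indicator set."""
    return {name for name, d in digests.items() if d.lower() in PULSE_HASHES}


# Hostname-shaped tokens: dot-separated labels of letters, digits and hyphens.
HOST_RE = re.compile(
    r"\b[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+\b"
)


def domain_hit(line: str):
    """Return the pulse domain a log line refers to, or None.

    Matches the domain itself and any subdomain, but not names that only
    contain the string (e.g. mediareleaseupdates.com.other.example)."""
    for host in HOST_RE.findall(line.lower()):
        for ioc in PULSE_DOMAINS:
            if host == ioc or host.endswith("." + ioc):
                return ioc
    return None


def sweep(paths, log_lines):
    """Run both checks; return (kind, subject, detail) tuples for every hit."""
    findings = []
    for p in map(Path, paths):
        if p.is_file():
            hit = match_hashes(hash_file(p))
            if hit:
                findings.append(("file", str(p), sorted(hit)))
    for lineno, line in enumerate(log_lines, 1):
        ioc = domain_hit(line)
        if ioc:
            findings.append(("dns", lineno, ioc))
    return findings


# Constructed sample lines (dnsmasq-style); not taken from any report.
SAMPLE_LOG = [
    "Aug 20 09:12:01 gw dnsmasq[812]: query[A] update.example.net from 10.0.0.5",
    "Aug 20 09:12:03 gw dnsmasq[812]: query[A] cdn.mediareleaseupdates.com from 10.0.0.5",
    "Aug 20 09:12:09 gw dnsmasq[812]: query[A] mediareleaseupdates.com.cdn.example from 10.0.0.7",
]

if __name__ == "__main__":
    # Usage: python sweep.py /path/to/file1 /path/to/file2 ...
    for finding in sweep(sys.argv[1:], SAMPLE_LOG):
        print(*finding)
```

Hashing with all three algorithms in one pass matters because the pulse lists each sample under only one hash type; a sweep that computes just SHA256 would miss the MD5- and SHA1-only indicators. The suffix check in domain_hit is what keeps the third sample line quiet while the second still fires.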

Associated Indicators:
SHA256:
3299866538AFF40CA85276F87DD0CEFE4EAFE167BD64732D67B06AF4F3349916
D1626C35FF69E7E5BDE5EEA9F9A242713421E59197F4B6D77B914ED46976B933
65C42A7EA18162A92EE982EDED91653A5358A7129C7672715CE8DDB6027EC124
SHA1:
ECA96BD74FB6B22848751E254B6DC9B8E2721F96
95A89DFF5E42614E30BA6AAB6623133043F6F122
9E82021FFD943C51B1A164832EA5A6D28B16DEC7
MD5:
FA71D60E43DA381AD656192A41E38724
52F42A40D24E1D62D1ED29B28778FC45
Domain:
mediareleaseupdates.com