PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats | Google Cloud Blog
WHITE Nexus Espionage CyberHunter_NL 2025-08-27 Modified: 2025-09-26
26 IOCs (medium volume)
Google has identified a Chinese government-backed cyber espionage campaign that targeted diplomats in Southeast Asia in March 2025 and is likely to have been carried out by a PRC-nexus threat actor.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Threat Intelligence PlugX Digitally Signed Signed UNC6384 SOGU.SEC
Indicators of Compromise (7 / 26 total)