PULSE NAME
IOC—Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats
WHITE celestre 2025-08-28 Modified: 2025-09-27
20 IOCs
MEDIUM VOLUME
In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities globally. GTIG assesses this was likely in support of cyber espionage operations aligned with the strategic interests of the People's Republic of China (PRC).
Indicators of Compromise (6 / 20 total)