← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC—Deception in Depth: PRC-Nexus Espionage Campaign Hijacks Web Traffic to Target Diplomats
WHITE celestre 2025-08-28 Modified: 2025-09-27
20
IOCs
MEDIUM VOLUME
In March 2025, Google Threat Intelligence Group (GTIG) identified a complex, multifaceted campaign attributed to the PRC-nexus threat actor UNC6384. The campaign targeted diplomats in Southeast Asia and other entities globally. GTIG assesses this was likely in support of cyber espionage operations aligned with the strategic interests of the People's Republic of China (PRC).
file pathname ioclanding pagemsi packagehosting ipc2 ipmsiewindows ntmutex nameknbgxngds rc4
Indicators of Compromise (6 / 20 total)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 3299866538aff40ca85276f87dd0cefe4eafe167bd64732d67b06af4f3349916 2025-08-28
FileHash-SHA256 65c42a7ea18162a92ee982eded91653a5358a7129c7672715ce8ddb6027ec124 2025-08-28
FileHash-SHA256 6d473212d0cb7ab33a738807745b6cf151a2b5c331656774df59e1a4e2230468 SHA256 of c8744b10180ed59bf96cf79d7559249e9dcf0f90 2025-08-28
FileHash-SHA256 cc4db3d8049043fa62326d0b3341960f9a0cf9b54c2fbbdffdbd8761d99add79 2025-08-28
FileHash-SHA256 d1626c35ff69e7e5bde5eea9f9a242713421e59197f4b6d77b914ed46976b933 2025-08-28
FileHash-SHA256 e787f64af048b9cb8a153a0759555785c8fd3ee1e8efbca312a29f2acb1e4011 2025-08-28
References (1)
↗ https://cloud.google.com/blog/topics/threat-intelligence/prc-nexus-espionage-targets-diplomats