
US China tensions deepen as Google discloses hacking of Southeast Asian diplomatic personnel


Diplomats across South-east Asia were the targets of a sophisticated cyber-espionage campaign earlier in 2025, according to Google, in a revelation that adds a new flashpoint to already tense relations between the United States and China.

The operation, which employed social engineering techniques and malware disguised as legitimate software updates, has been attributed to a group Google labels as UNC6384. The term “UNC” refers to uncategorised activity that has not yet been formally tied to a named hacking collective, though Google researchers say they have high confidence the group is China-aligned.

Patrick Whitsell, a senior security engineer at Google, told Bloomberg News that about two dozen victims fell prey to the campaign after unknowingly downloading malware. While Google declined to identify the nationalities of those affected, Whitsell stressed that the evidence strongly suggests the attackers were operating in support of Beijing’s strategic interests. He added that the victims were likely a mix of government employees and outside contractors with access to sensitive diplomatic information.

China’s Ministry of Foreign Affairs denied involvement, saying it was unaware of the specific case and accusing Google of spreading “false information.” Beijing has regularly rejected accusations of cyber-espionage, even as both U.S. and European officials point to mounting evidence of state-linked intrusions against governments, corporations, and research institutions.


The attack on diplomats unfolded with precision. Hackers first infiltrated Wi-Fi networks used by diplomatic facilities and residential compounds, creating a channel to impersonate trusted software providers. Victims were tricked into downloading what appeared to be standard updates for Adobe plug-ins. In reality, the files carried malware known as SOGU.SEC, which embedded itself in the memory of targeted devices. This memory-resident technique allowed the spyware to avoid traditional detection systems while quietly extracting documents, emails, and other sensitive materials.

“I would assume diplomats have pretty sensitive documents on their laptops that they’re using for their day-to-day work,” Whitsell explained. “And once you’re on that device, you can get those documents.” He acknowledged, however, that investigators could not determine the full scale of data theft or how much information may have been compromised.

The Google disclosure is only the latest in a series of tit-for-tat allegations between Washington and Beijing over cyber activity. In July, Microsoft warned that Chinese state-sponsored hackers were exploiting flaws in its software to infiltrate global institutions. In response, Beijing accused U.S. intelligence services of launching cyberattacks against Chinese military contractors by exploiting other Microsoft vulnerabilities. In parallel, China raised questions about the security of U.S.-designed semiconductors, including Nvidia’s H20 chips tailored for the Chinese market, suggesting that American hardware could pose risks of its own.

Espionage, diplomacy, and global stakes

South-east Asia’s diplomatic corps represents a highly attractive target for espionage. The region sits at the heart of great-power rivalry, with governments balancing close economic ties to China against security partnerships with the United States. Diplomatic communications often contain detailed accounts of negotiations over trade deals, maritime boundaries, and defense arrangements. Access to these documents could give Beijing valuable leverage in regional disputes such as those in the South China Sea.


Google’s report suggests that UNC6384 not only went after officials but also targeted contractors, consultants, and other intermediaries—highlighting how attackers are expanding their reach into softer targets with weaker defenses. By exploiting human error through convincing social engineering, they bypassed technical barriers and gained access to devices assumed to be secure.

The incident underscores the growing normalisation of cyber-espionage as a tool of statecraft. Unlike traditional intelligence-gathering, digital campaigns can be executed remotely, scaled rapidly, and carried out with plausible deniability. For governments, this makes them an attractive but destabilising weapon. For diplomats, it means their daily communications and devices are perpetually under siege.

The broader consequences extend beyond the immediate victims. Each new disclosure of hacking campaigns tied to major powers erodes trust in the global digital ecosystem. It also deepens mistrust between Washington and Beijing at a time when both countries are vying for influence in emerging technologies like artificial intelligence, quantum computing, and advanced semiconductors.

Legal experts note that the case illustrates the gap in international norms governing cyberspace. While espionage has always been part of international relations, there is little consensus on what constitutes unacceptable conduct in the digital realm. As a result, countries respond to cyber intrusions inconsistently—sometimes with sanctions, other times with public exposure, and occasionally with retaliation in kind.


For the governments of South-east Asia, the report is a stark warning that they are at the front lines of global cyber conflict. Strengthening defenses will require more than just improved technical measures. It also demands better awareness training for diplomats and contractors, who remain the weakest link in the chain. For the United States and China, meanwhile, the episode adds yet another layer of friction to a relationship already strained by trade disputes, technology bans, and competing visions of international order.

Ultimately, the story of UNC6384 demonstrates that modern diplomacy no longer unfolds solely in the corridors of embassies or the halls of parliaments. Increasingly, it plays out in invisible networks, Wi-Fi routers, and the code running silently on laptops. As Google’s findings show, the lines between statecraft and cyber warfare are blurring, and the costs of being unprepared are higher than ever.
