Information security
fromThe Hacker News
1 week agoUNC6384 Deploys PlugX via Captive Portal Hijacks and Valid Certificates Targeting Diplomats
UNC6384 uses captive-portal AitM redirects and a digitally signed STATICPLUGIN downloader to deploy a PlugX (SOGU.SEC) backdoor against diplomats and other targets.