Chinese cyber spies “compromising” diplomatic targets in South America, warns Microsoft


A China-based cyber threat actor tracked as DEV-0147 was observed spying on South American diplomatic targets by Microsoft Security Intelligence in a “notable” expansion of the group’s operations from Asia and Europe.

DEV-0147’s attacks in South America included “post-exploitation activity involving the abuse of on-premises identity infrastructure for recon and lateral movement,” Microsoft’s security experts said in a Twitter thread, as well as “the use of Cobalt Strike for command and control and data exfiltration.”

The group could be identified by the use of tools like ShadowPad, a remote access trojan, Microsoft said. Other China-based actors also use the tool to maintain persistent access, it noted. QuasarLoader, a webpack loader, was used to deploy additional malware.

Microsoft 365 Defender, a threat protection software, detected DEV-0147’s attacks through Microsoft Defender for Identity and Defender for Endpoint, the company’s security intelligence said.

The “compromising” of diplomatic targets in South America was “a notable expansion of the group’s data exfiltration operations that traditionally targeted government agencies and think tanks in Asia and Europe,” Microsoft said.

It comes as Latin America is getting increasingly caught up in a great power rivalry between China and the US. A suspected spy balloon – similar to those shot down in the US and Canada – was also detected flying over Central and South America earlier this month.

Beijing acknowledged the balloon’s ownership last week but denied it was used for spying. The Pentagon said it was part of China’s fleet of surveillance balloons also spotted in Asia and Europe.


More from Cybernews:

Feeling love-bombed? It might be a romance scam

Pepsi, where's my data? Crooks breach America's largest beverage manufacturer

YouTube crypto scam robbed Tether investors of at least $100,000

Mobile game with 10m+ downloads spills source code, endangers user data

Dark side of ChatGTP: it’s aiding cybercrime

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked