Chinese cyber spies “compromising” diplomatic targets in South America, warns Microsoft
A China-based cyber threat actor tracked as DEV-0147 was observed spying on South American diplomatic targets by Microsoft Security Intelligence in a “notable” expansion of the group’s operations from Asia and Europe.
DEV-0147’s attacks in South America included “post-exploitation activity involving the abuse of on-premises identity infrastructure for recon and lateral movement,” Microsoft’s security experts said in a Twitter thread, as well as “the use of Cobalt Strike for command and control and data exfiltration.”
The group could be identified by the use of tools like ShadowPad, a remote access trojan, Microsoft said. Other China-based actors also use the tool to maintain persistent access, it noted. QuasarLoader, a webpack loader, was used to deploy additional malware.
Microsoft 365 Defender, a threat protection software, detected DEV-0147’s attacks through Microsoft Defender for Identity and Defender for Endpoint, the company’s security intelligence said.
The “compromising” of diplomatic targets in South America was “a notable expansion of the group’s data exfiltration operations that traditionally targeted government agencies and think tanks in Asia and Europe,” Microsoft said.
It comes as Latin America is getting increasingly caught up in a great power rivalry between China and the US. A suspected spy balloon – similar to those shot down in the US and Canada – was also detected flying over Central and South America earlier this month.
Beijing acknowledged the balloon’s ownership last week but denied it was used for spying. The Pentagon said it was part of China’s fleet of surveillance balloons also spotted in Asia and Europe.
More from Cybernews:
Feeling love-bombed? It might be a romance scam
Pepsi, where's my data? Crooks breach America's largest beverage manufacturer
YouTube crypto scam robbed Tether investors of at least $100,000
Mobile game with 10m+ downloads spills source code, endangers user data
Dark side of ChatGTP: it’s aiding cybercrime
Subscribe to our newsletter
Your email address will not be published. Required fields are marked