Security News > 2023 > February > Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad

Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America.

The threat actor is said to use established hacking tools such as ShadowPad to infiltrate targets and maintain persistent access.

"DEV-0147's attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for recon and lateral movement, and the use of Cobalt Strike for command-and-control and data exfiltration," Microsoft said.

DEV-0147 is far from the only China-based advanced persistent threat to leverage ShadowPad in recent months.

In September 2022, NCC Group unearthed details of an attack aimed at an unnamed organization that leveraged a critical flaw in WSO2 to drop web shells and activate an infection chain that led to the delivery of ShadowPad for intelligence gathering.

ShadowPad has also been employed by unidentified threat actors in an attack targeting an ASEAN member foreign ministry through the successful exploitation of a vulnerable, and Internet-connected, Microsoft Exchange Server.

News URL

https://thehackernews.com/2023/02/chinese-hackers-targeting-south.html