Security News > 2023 > February > Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad
Microsoft on Monday attributed a China-based cyber espionage actor to a set of attacks targeting diplomatic entities in South America.
The threat actor is said to use established hacking tools such as ShadowPad to infiltrate targets and maintain persistent access.
"DEV-0147's attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for recon and lateral movement, and the use of Cobalt Strike for command-and-control and data exfiltration," Microsoft said.
DEV-0147 is far from the only China-based advanced persistent threat to leverage ShadowPad in recent months.
In September 2022, NCC Group unearthed details of an attack aimed at an unnamed organization that leveraged a critical flaw in WSO2 to drop web shells and activate an infection chain that led to the delivery of ShadowPad for intelligence gathering.
ShadowPad has also been employed by unidentified threat actors in an attack targeting an ASEAN member foreign ministry through the successful exploitation of a vulnerable, and Internet-connected, Microsoft Exchange Server.
News URL
https://thehackernews.com/2023/02/chinese-hackers-targeting-south.html
Related news
- US says Chinese hackers breached multiple telecom providers (source)
- Chinese Hackers Use CloudScout Toolset to Steal Session Cookies from Cloud Services (source)
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Sophos reveals 5-year battle with Chinese hackers attacking network devices (source)
- Sophos Versus the Chinese Hackers (source)
- FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries (source)