Common Information
| Type | Value |
|---|---|
| Value |
DEV-0147 |
| Category | Actor |
| Type | Threat-Actor |
| Misp Type | Cluster |
| Description | DEV-0147 is a China-based cyber espionage actor was observed compromising diplomatic targets in South America, a notable expansion of the group's data exfiltration operations that traditionally targeted gov't agencies and think tanks in Asia and Europe. DEV-0147 is known to use tools like ShadowPad, a remote access trojan associated with other China-based actors, to maintain persistent access, and QuasarLoader, a webpack loader, to deploy additional malware. DEV-0147's attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for recon and lateral movement, and the use of Cobalt Strike for command and control and data exfiltration. |
| Details | Published | Attributes | CTI | Title | ||
|---|---|---|---|---|---|---|
| Details | Website | 2023-02-15 | 3 | Chinese Hackers Use ShadowPad Against South American Diplomatic Entities | ||
| Details | Website | 2023-02-15 | 3 | China-based cyberespionage actor seen targeting South America | ||
| Details | Website | 2023-02-14 | 1 | Chinese Hackers Infiltrate South American Diplomatic Networks | ||
| Details | Website | 2023-02-14 | 3 | Chinese Hackers Targeting South American Diplomatic Entities with ShadowPad | ||
| Details | Website | 2021-01-01 | 2 | Operation Tainted Love: New Cyberespionage Campaign by Chinese |