Microsoft has said that state-backed Chinese hackers are targeting South American diplomats with the Poison Plug malware.
The threat actor behind the campaign is tracked as DEV-0147.
- According to Microsoft, DEV-0147 is using tools such as ShadowPad, QuasarLoader, and Cobalt Strike to breach diplomats in South American countries.
- The campaign uses QuasarLoader to load additional malware into the targeted network, while Cobalt Strike is used for data exfiltration.
- Microsoft stated that this is the first time this campaign has been used to target victims outside of Europe and Asia.
- In early 2022, China-based threat actors were identified as the operators behind a hacking campaign that breached U.S. state networks.
- ShadowPad has previously been used by threat actors in an attack that targeted the foreign ministry of an ASEAN member state by exploiting a vulnerable Microsoft Exchange Server.