Chinese Hackers Infiltrate South American Diplomatic Networks

Chinese government-backed threat actor DEV-0147 has been spotted targeting South American diplomatic organizations using the ShadowPad remote access Trojan (RAT), also known as PoisonPlug.

Microsoft shared its findings on Twitter on Monday, saying that the threat actor’s new campaign represents a notable expansion of the group’s data exfiltration operations, which previously targeted government agencies and think tanks in Asia and Europe.

From a technical perspective, the tech giant believes that DEV-0147 deployed ShadowPad, a RAT associated with other China-based actors, to achieve persistence, along with QuasarLoader, a Webpack loader, and confirmed that the loader would download and run additional malware.

“The DEV-0147 attack in South America involved exploiting on-premises identity infrastructure for reconnaissance and lateral movement, Cobalt Strike for command and control and data exfiltration,” read one of the Twitter posts.

“Microsoft 365 Defender detects these DEV-0147 attacks through Microsoft Defender for Identity and Defender for Endpoint. Enforcement of MFA [multi-factor authentication] is also strongly recommended for organizations.”

DEV-0147 isn’t the only China-based actor to use ShadowPad recently. A June 2022 advisory from Kaspersky confirmed that Chinese attackers were using the malware to target unpatched Microsoft Exchange servers in various Asian countries.

According to security researchers at Secureworks, ShadowPad evolved from the PlugX malware and is frequently used by Chinese adversary groups associated with the Ministry of State Security (MSS) and the People’s Liberation Army (PLA).

“Available evidence at the time of this publication suggests that ShadowPad was deployed by MSS-related threat groups, as well as PLA-related threat groups operating on behalf of regional Theater Commands,” reads a Secureworks advisory from February 2022.

“This malware was likely developed by a threat actor belonging to BRONZE ATLAS and was subsequently shared with MSS and PLA threat groups around 2019. Any organization likely to be targeted by these threat groups should monitor for the [tactics, techniques and procedures] TTPs associated with this malware.”
