DEV-0147DEV-0147

Also known as: DEV-0147

Known aliases
1

Profile

DEV-0147 is a China-based cyber espionage actor was observed compromising diplomatic targets in South America, a notable expansion of the group's data exfiltration operations that traditionally targeted gov't agencies and think tanks in Asia and Europe. DEV-0147 is known to use tools like ShadowPad, a remote access trojan associated with other China-based actors, to maintain persistent access, and QuasarLoader, a webpack loader, to deploy additional malware. DEV-0147's attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for recon and lateral movement, and the use of Cobalt Strike for command and control and data exfiltration.

Aliases· 1

DEV-0147

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Red Dev 17
Actor
CL-STA-0048
Actor
UNC2717
Actor
APT41
Actor
BRONZE STARLIGHT
Actor
Chaya_004
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.