
"Malware deployed by UAT-8302 connects it to several previously publicly disclosed threat clusters, indicating a close operating relationship between them at the very least."
"Overall, the various malicious artifacts deployed by UAT-8302 indicate that the group has access to tools used by other sophisticated APT actors, all of which have been assessed as China-nexus or Chinese-speaking by various third-party industry reports."
UAT-8302, a sophisticated China-nexus APT group, has been linked to attacks on government entities in South America since late 2024 and in southeastern Europe in 2025. Cisco Talos tracks the group, which employs custom malware, notably the .NET-based backdoor NosyDoor. NosyDoor has connections to several previously disclosed threat clusters and has also been used against Russian IT organizations. The group's tactics suggest it uses zero-day and N-day exploits for initial access, followed by extensive reconnaissance of the target network.
Read at The Hacker News