China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
Cisco Talos has identified a China-linked APT group, UAT-8302, targeting government entities in South America and southeastern Europe using custom-made malware families. The group is linked to other China-aligned hacking groups through shared malware tools.
A China-nexus APT group, UAT-8302, has been attributed to attacks on government entities in South America since late 2024 and southeastern Europe in 2025. UAT-8302 uses custom-made malware families, including NetDraft, a .NET-based backdoor linked to threat clusters like Ink Dragon and Jewelbug. The group shares tools with other China-aligned hacking groups, such as CloudSorcerer and Deed RAT. UAT-8302 conducts extensive reconnaissance, automated scanning, and lateral movement within target networks. The initial access method is suspected to involve exploiting zero-day and N-day vulnerabilities in web applications.
This content was automatically generated and/or translated by AI. It may contain inaccuracies. Please refer to the original sources for verification.