Cisco Talos has exposed UAT-7290, a Chinese-nexus threat actor focusing on critical infrastructure, especially telecom networks in South Asia and Southeastern Europe. The group builds long-term attack infrastructure and acts both as an espionage actor in its own right and as an infrastructure facilitator for other hacker groups. #UAT-7290 #ChinaNexus #CriticalInfrastructure #SoutheasternEurope
Key points
- UAT-7290 is a sophisticated threat actor operating since at least 2022, focusing on critical infrastructure networks.
- The group specializes in stealth, persistence, and building attack infrastructure for long-term use.
- They develop custom malware such as RushDrop, DriveSwitch, SilentRaid, and the resilient Bulbature backdoor.
- UAT-7290 also serves as a relay, providing infrastructure used by other China-nexus threat actors for malicious operations.
- The group has recently expanded its targeting from South Asian telecommunications to Southeastern Europe, indicating strategic growth.