A China-nexus threat actor dubbed UAT-7290 has been active since 2022, primarily targeting telecommunications in South Asia and Southeastern Europe with a focus on espionage and network reconnaissance. Their operations involve deploying sophisticated malware like RushDrop, DriveSwitch, and SilentRaid, and establishing infrastructure for ongoing malicious activities. #UAT-7290 #StonePanda #RedFoxtrot #SilentRaid
Key points
- UAT-7290 is a China-linked threat actor focusing on espionage against South Asian and European entities.
- The group conducts extensive reconnaissance before launching attacks with malware such as RushDrop and SilentRaid.
- They utilize open-source tools, custom malware, and exploits targeting edge networking devices.
- The threat actor establishes Operational Relay Box (ORB) nodes to facilitate ongoing operations for themselves and others.
- UAT-7290 shares infrastructure and tactics with groups like Stone Panda and RedFoxtrot, using one-day exploits and SSH brute force methods.
Read More: https://thehackernews.com/2026/01/china-linked-uat-7290-targets-telecoms.html