216.73.217.86

South American telecommunication providers targeted with three new malware implants

· Published 05/03/2026 20:13 · Modified 06/03/2026 11:23

Export JSON

Essential information

Published
05/03/2026 20:13
Modified
06/03/2026 11:23
Tags
2026-03-05 apt bittorrent bruteentry china-nexus crowdoor peertime south america telecommunications terndoor
Related entities
57 observables, 1 intrusion sets (apt), 1 techniques (mitre), 4 malware, 4 others

Description

UAT-9244, a advanced persistent threat actor, has been targeting critical infrastructure in since 2024. The group employs three new malware implants: , a Windows-based backdoor variant of ; , an ELF-based backdoor using protocol; and , a brute force scanner for SSH, Postgres, and Tomcat servers. UAT-9244 uses dynamic-link library side-loading, scheduled tasks, and registry modifications for persistence. The group is closely associated with FamousSparrow and Tropic Trooper, sharing similar tooling and tactics. Their infrastructure includes multiple command and control servers and operational relay boxes for scanning and brute-forcing activities.

External references