216.73.217.80

Targets high value telecommunications infrastructure in South Asia

Published 08/01/2026 16:30 · Modified 08/01/2026 18:02


Essential information

Published
08/01/2026 16:30
Modified
08/01/2026 18:02
Tags
2026-01-08, bulbature, china-nexus, driveswitch, espionage, redleaves, rushdrop, shadowpad, silentraid, telecommunications
Related entities
3 observables, 1 intrusion set (APT), 8 malware, 1 other

Description

UAT-7290, a sophisticated threat actor active since 2022, is targeting critical infrastructure entities in South Asia, particularly providers. The group's arsenal includes malware families like , , , and . UAT-7290 conducts extensive reconnaissance before intrusions, using one-day exploits and SSH brute force to compromise edge devices. The actor is believed to be a APT, sharing similarities with APT10 and other known Chinese threat groups. UAT-7290 has recently expanded its targeting to Southeastern Europe and may establish Operational Relay Boxes for other actors. Their malware suite primarily focuses on Linux systems but can also utilize Windows-based implants.

External references