Targets high-value telecommunications infrastructure in South Asia
Essential information
- Published
- 08/01/2026 16:30
- Modified
- 08/01/2026 18:02
- Tags
- 2026-01-08, bulbature, china-nexus, driveswitch, espionage, redleaves, rushdrop, shadowpad, silentraid, telecommunications
- Related entities
- 3 observables, 1 intrusion set (APT), 8 malware, 1 other
Description
UAT-7290, a sophisticated threat actor active since 2022, is targeting critical infrastructure entities in South Asia, particularly telecommunications providers. The group's arsenal includes malware families such as RushDrop, DriveSwitch, SilentRaid, and Bulbature. UAT-7290 conducts extensive reconnaissance before intrusions, then compromises edge devices using one-day exploits and SSH brute force. The actor is assessed to be a China-nexus APT, sharing similarities with APT10 and other known Chinese threat groups. UAT-7290 has recently expanded its targeting to Southeastern Europe and may be establishing Operational Relay Boxes for use by other China-nexus actors. Its malware suite primarily targets Linux systems, but the group can also deploy Windows-based implants.