
ONE Sentinel


China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

Source: The Hacker News
Date: May 5, 2026

EXECUTIVE SUMMARY

China-Linked UAT-8302 APT Group Targets Global Governments with Custom Malware

Summary

A China-linked advanced persistent threat (APT) group, UAT-8302, has been identified targeting government entities in South America and southeastern Europe. The group has been active since at least late 2024, utilizing custom-made malware families for post-exploitation activities.

Key Points

  • The APT group is tracked by Cisco Talos under the name UAT-8302.
  • Attacks have been ongoing since late 2024 in South America and 2025 in southeastern Europe.
  • The group employs custom-made malware families for their operations.
  • The focus is on government entities, indicating a strategic targeting approach.

Analysis

The activities of UAT-8302 underscore the persistent and evolving threat posed by state-sponsored cyber actors. By targeting government entities across different regions, the group demonstrates a broad operational scope and a high level of sophistication in its attack methods. The use of custom malware indicates significant resources and expertise, suggesting a well-funded operation.

Conclusion

IT professionals should enhance monitoring and defenses against APT activities, particularly those originating from state-sponsored groups. Regular updates to threat intelligence and security protocols are recommended to mitigate the risks posed by such sophisticated actors.