DEV Community

Mark0

Chinese state hackers target telcos with new malware toolkit

UAT-9244, a China-linked threat actor associated with FamousSparrow and Tropic Trooper, has been targeting South American telecommunications providers since 2024. The group uses a sophisticated toolkit designed to compromise Windows, Linux, and network-edge devices and to establish a persistent presence within critical infrastructure. Its operations focus on long-term access and on recruiting compromised systems into proxy networks.

The campaign involves three new malware families: TernDoor, PeerTime, and BruteEntry. TernDoor uses DLL side-loading and kernel-level drivers to maintain persistence on Windows systems. PeerTime is a cross-platform Linux backdoor that leverages the BitTorrent protocol for decentralized command-and-control, and BruteEntry turns compromised systems into Operational Relay Boxes (ORBs) that perform further scanning and brute-force attacks against SSH, Postgres, and Tomcat services.
