
Mark0


UAT-9244 targets South American telecommunication providers with three new malware implants

Cisco Talos has identified a new China-nexus threat actor designated as UAT-9244, which shows significant overlap with established groups like Famous Sparrow and Tropic Trooper. Active since early 2024, this group primarily targets critical telecommunications infrastructure in South America using a sophisticated toolkit comprising both Windows and Linux-based malware. Their operations utilize DLL side-loading and specialized drivers to maintain persistence and evade detection on compromised endpoints.

The threat actor's arsenal includes three primary implants: TernDoor, PeerTime, and BruteEntry. TernDoor is a Windows backdoor derived from the CrowDoor family, while PeerTime is a cross-platform peer-to-peer (P2P) backdoor that uses the BitTorrent protocol for command-and-control communication. BruteEntry is a Go-based scanner that turns compromised edge devices into operational relay boxes (ORBs), which are then used to brute-force SSH, Postgres, and Tomcat servers.
