China-Linked UAT-8302 APT Targets Governments in South America and Europe
A China-nexus advanced persistent threat (APT) group, tracked by Cisco Talos as UAT-8302, is actively targeting government entities. The Hacker News reports that attacks have hit South American government entities since late 2024, extending to government agencies in southeastern Europe in 2025. This group demonstrates a persistent, geographically diverse targeting strategy.
Post-exploitation, UAT-8302 deploys custom-made malware families, indicating a tailored approach rather than off-the-shelf tools. The use of shared APT malware across regions suggests a centralized development and operational structure, allowing the group to leverage proven tactics and tools against varied targets. This efficiency reduces development overhead and increases the speed of deployment.
This campaign underscores the persistent threat of state-sponsored espionage. Targeting government agencies in distinct geopolitical regions suggests intelligence gathering is the primary objective, rather than financial gain. The long-term nature of these campaigns, spanning years, highlights the strategic patience and resourcefulness of such actors.
What This Means For You
- If your government organization operates in South America or southeastern Europe, you are a primary target. Assume compromise and hunt for UAT-8302's custom malware. Focus on detecting post-exploitation activity, not just initial access. Review network logs for unusual outbound connections and anomalous user behavior, especially from systems that handle sensitive government data. Your adversaries are patient and well-resourced.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| UAT-8302 | APT Activity | China-nexus APT group UAT-8302 |
| UAT-8302 | Targeted Attack | Government entities in South America (late 2024) |
| UAT-8302 | Targeted Attack | Government agencies in southeastern Europe (2025) |
| UAT-8302 | Malware Deployment | Custom-made malware families |