“backdoor access using proxy and VPN tools like Stowaway and SoftEther VPN. The findings underscore the trend of advanced collaboration tactics between multiple China-aligned groups. In October 2025, Trend Micro shed light on a phenomenon called Premier Pass-as-a-Service, …”
T1588.001 Malware
86%
“China-linked UAT-8302 targets governments using shared APT malware across regions a sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agenc…”
T1588.002 Tool
66%
“##udite mogwai (aka Space Pirates and Webworm), per Russian cybersecurity company Solar, which has given it the name LuckyStrike Agent. Some of the other tools utilized by UAT-8302 are as follows - CloudSorcerer, a backdoor observed in attacks targeting Russian entities sin…”
T1190 Exploit Public-Facing Application
57%
“"Overall, the various malicious artifacts deployed by UAT-8302 indicate that the group has access to tools used by other sophisticated APT actors, all of which have been assessed as China-nexus or Chinese-speaking by various third-party industry reports." It's current…”
T1587.001 Malware
53%
“China-linked UAT-8302 targets governments using shared APT malware across regions a sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agenc…”
T1219 Remote Access Tools
40%
“"Overall, the various malicious artifacts deployed by UAT-8302 indicate that the group has access to tools used by other sophisticated APT actors, all of which have been assessed as China-nexus or Chinese-speaking by various third-party industry reports." It's current…”
Summary
A sophisticated China-nexus advanced persistent threat (APT) group has been attributed to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025.
The activity is being tracked by Cisco Talos under the moniker UAT-8302, with post-exploitation involving the deployment of custom-made malware families that have been put