China-Linked Hackers Hit Governments with Shared Malware

Admin

According to recent reports, a sophisticated advanced persistent threat (APT) group with ties to China has been targeting government agencies in South America and southeastern Europe. The group, tracked as UAT-8302 by cybersecurity researchers, has been active since at least late 2024, focusing on espionage and data theft.

Attack Campaigns and Targets

The group's operations span multiple regions, with attacks observed against government entities in South America starting in late 2024, followed by similar campaigns targeting southeastern European governments in 2025. The attackers employ custom-made malware families during the post-exploitation phase, indicating a well-resourced and organized operation.

Technical Analysis

UAT-8302's toolset includes shared malware variants that have been used across different regions, suggesting a coordinated and centralized command structure. The malware families are designed to evade detection, maintain persistence, and exfiltrate sensitive data from compromised networks. The group's tactics, techniques, and procedures (TTPs) align with known China-nexus threat actors, further linking them to state-sponsored espionage.

Implications for Global Security

This campaign highlights the persistent threat posed by state-linked APT groups targeting government infrastructure. The use of shared malware across regions indicates a strategic focus on gathering intelligence from multiple geopolitical areas. Organizations in the public sector are urged to enhance their cybersecurity posture, implement robust monitoring, and share threat intelligence to counter such advanced attacks.
