{"id":239900,"date":"2026-05-05T10:19:00","date_gmt":"2026-05-05T14:19:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/05\/china-linked-uat-8302-targets-governments-using-shared-apt-malware-across-regions\/"},"modified":"2026-05-05T20:00:07","modified_gmt":"2026-05-06T00:00:07","slug":"china-linked-uat-8302-targets-governments-using-shared-apt-malware-across-regions","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/05\/china-linked-uat-8302-targets-governments-using-shared-apt-malware-across-regions\/","title":{"rendered":"China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/china-linked-uat-8302-targets.html\">China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/05\/china-linked-uat-8302-targets.html\">https:\/\/thehackernews.com\/2026\/05\/china-linked-uat-8302-targets.html<\/a><\/p>\n<p>Publish Date: 2026-05-05 10:19:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\"><span class=\"author\">Ravie Lakshmanan<\/span><span class=\"author\">May 05, 2026<\/span><\/span><span class=\"p-tags\">Network Security \/ Endpoint Security<\/span><\/p>\n<p>A sophisticated China-nexus advanced persistent threat (APT) group has been linked to attacks targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025.<\/p>\n<p>The activity is being tracked by Cisco Talos under the moniker <strong>UAT-8302<\/strong>, with post-exploitation involving the deployment of custom-made malware families that have also been used by other China-aligned hacking groups.<\/p>\n<p>Notable among the malware families is a .NET-based backdoor dubbed NetDraft (aka NosyDoor), 
a C# variant of FINALDRAFT (aka Squidoor) that has been previously linked to threat clusters known as Ink Dragon, CL-STA-0049, Earth Alux, Jewelbug, and REF7707.<\/p>\n<p>ESET attributes the use of NosyDoor to a group it calls LongNosedGoblin. Interestingly, the same malware has also been deployed against Russian IT organizations by a threat actor referred to as Erudite Mogwai (aka Space Pirates and Webworm), per Russian cybersecurity company Solar, which has given it the name LuckyStrike Agent.<\/p>\n<p>Some of the other tools utilized by UAT-8302 are as follows &#8211;<\/p>\n<p>&#8220;Malware deployed by UAT-8302 connects it to several previously publicly disclosed threat clusters, indicating a close operating relationship between them at the very least,&#8221; Talos researchers Jungsoo An, Asheer Malhotra, and Brandon White said in a technical report published today.<\/p>\n<p>&#8220;Overall, the various malicious artifacts deployed by UAT-8302 indicate that the group has access to tools used by other sophisticated APT actors, all of which have been assessed as China-nexus or Chinese-speaking by various third-party industry reports.&#8221;<\/p>\n<p>It&#8217;s currently not known what initial access methods the adversary employs to break into target networks, but it&#8217;s suspected to involve the tried-and-tested approach of weaponizing zero-day and N-day exploits in web applications.<\/p>\n<p>Upon gaining a foothold, the attackers are known to&#8230;<\/p>\n<p><a 
href=\"https:\/\/thehackernews.com\/2026\/05\/china-linked-uat-8302-targets.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions https:\/\/thehackernews.com\/2026\/05\/china-linked-uat-8302-targets.html Publish Date: 2026-05-05 10:19:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":239901,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhcz8_PjYKknoot4F_PnjDZ7F1HhyphenhyphenIATFohYVF1OQYLSUFwiOPknnFF3ShgQKtKtfOEUbwUcfB-xhQAbi3dBsUvKki_ooKqYmQR3KfzcC1U443sR89JlLu5oPDJcEz9GXfEo5GwtMNj8s7HGg5-qsaR0sqqkSOUBsNFcqrz9NPDPyU6lQNl2RRtADTFzK0f\/s1600\/chinese-hackers-2.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32,29,34],"class_list":["post-239900","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware","tag-network-security","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/239900"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=239900"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/239900\/revisions"}],"predecessor-version":[{"id":239902,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/239900\/revisions\/239902"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/239901"}],"wp
:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=239900"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=239900"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=239900"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}