China-Linked APT Group UAT‑8302 Targets South American and Southeastern European Governments with Shared Malware
What Happened — Cisco Talos attributes to a China‑nexus APT group, which it tracks as UAT‑8302, a campaign that has compromised government networks in South America since late 2024 and in southeastern Europe throughout 2025. The group deploys custom‑built malware families that it reuses across both regions, giving it persistent access and a steady channel for data collection.
Why It Matters for TPRM —
- State‑sponsored actors targeting sovereign entities can also expose the third‑party supply chains that service those agencies, so a vendor with government contracts may be drawn into the same intrusion.
- Reuse of the same malware families across two regions indicates a mature, portable toolkit that can be turned against vendors with government contracts as readily as against the agencies themselves.
- Learning of such campaigns early lets organizations reassess geopolitical risk across their vendor portfolio and tighten vetting of suppliers that serve the affected sectors.
Who Is Affected — Government ministries, public‑sector IT service providers, and any third‑party vendors that support those agencies in South America and southeastern Europe.
Recommended Actions — Review contracts with vendors that serve government clients, verify that those vendors employ robust network segmentation and threat‑intelligence monitoring, and update incident‑response playbooks so that they cover APT‑style intrusion indicators, in particular long‑term persistent access and the exfiltration of email archives, credentials and internal documents seen in this campaign.
Technical Notes — Attack vector: custom APT malware delivered through spear‑phishing and through compromised remote‑access tools. No specific CVEs have been disclosed. Exfiltrated data includes email archives, credential dumps, and internal policy documents. Source: The Hacker News