Find notable cyber news and cases, enriched with sources, timelines, and signals.

UAT-7290 long-running telecom espionage campaign

Campaign
First reported
Last updated
Happening score
H score 41
2 unique sources, 2 articles

Summary

Hide ▲

UAT-7290 is running a long-running cyber-espionage campaign against telecommunications providers in South Asia, with recent expansion into Southeastern Europe. The operation matters because it seeks deep, persistent access to strategically significant networks. The group targets public-facing edge devices using one-day vulnerabilities and target-specific SSH brute-force. It has also built Operational Relay Box (ORB) infrastructure to turn compromised systems into relay nodes for other China-nexus actors.

Related Happenings

UAT-7810 expands LapDogs ORB network to provide covert routing infrastructure

Threat Actor Meta
H score29 First: 08.07.2026 17:30 Last: 08.07.2026 17:30 Sources 1

About this happening: **UAT-7810** expanded its **LapDogs ORB network**, adding covert routing capacity that helps other hackers hide traffic origin and reach **high-value targets**. The infrastructure...

UAT-7810 Operational Relay Box network-building campaign

Campaign
H score39 First: 08.07.2026 12:04 Last: 08.07.2026 12:04 Sources 1

About this happening: An **ongoing UAT-7810 campaign** is expanding **Operational Relay Box (ORB) networks** by breaking into **internet-facing networking devices**, increasing relay capacity for downs...

StrikeShark SharkLoader and Cobalt Strike Beacon campaign

Campaign
H score42 First: 26.06.2026 21:17 Last: 26.06.2026 21:17 Sources 1

About this happening: The **StrikeShark** campaign is deploying **SharkLoader** to load **Cobalt Strike Beacon** on compromised hosts, raising the risk of broader follow-on intrusion activity. It has t...

CL-STA-1062 Southeast Asia critical infrastructure campaign using TinyRCT

Campaign
H score18 First: 26.06.2026 13:30 Last: 26.06.2026 13:30 Sources 1

About this happening: A **China-linked** campaign by **CL-STA-1062** is targeting **government entities** and **critical infrastructure** across **Southeast Asia**, with activity reaching **state-owned...

China-nexus agentic tools attack campaign targeting Japanese technology and East Asian cybersecurity organizations

Campaign
H score31 First: 11.05.2026 16:00 Last: 11.05.2026 16:00 Sources 1

About this happening: A **China-nexus actor** used **agentic tools** in a targeted attack against a **Japanese technology firm** and an **East Asian cybersecurity platform**, showing how AI-driven orch...

Timeline

  1. 08.01.2026 18:00 2 articles · 6mo ago

    UAT-7290 telecom espionage campaign disclosed

    Initial Disclosure

    Cisco Talos disclosed a long-running cyber-espionage campaign by UAT-7290 against telecommunications providers in South Asia, with recent expansion into Southeastern Europe. The activity targets high-value telecommunications infrastructure, focuses on gaining deep persistent access, and primarily compromises public-facing edge devices by exploiting one-day vulnerabilities in widely deployed networking products and using target-specific SSH brute-force techniques. The group also established Operational Relay Box (ORB) infrastructure to convert compromised systems into relay nodes for other China-nexus groups, and its tooling includes RushDrop, DriveSwitch, SilentRaid, and Bulbature.

    Show sources