UAT-7290 long-running telecom espionage campaign
Campaign
Summary
Hide ▲
Show ▼
UAT-7290 is running a long-running cyber-espionage campaign against telecommunications providers in South Asia, with recent expansion into Southeastern Europe. The operation matters because it seeks deep, persistent access to strategically significant networks. The group targets public-facing edge devices using one-day vulnerabilities and target-specific SSH brute-force. It has also built Operational Relay Box (ORB) infrastructure to turn compromised systems into relay nodes for other China-nexus actors.
Related Happenings
UAT-7810 expands LapDogs ORB network to provide covert routing infrastructure
Threat Actor Meta
H score29
First: 08.07.2026 17:30
Last: 08.07.2026 17:30
Sources 1
About this happening:
**UAT-7810** expanded its **LapDogs ORB network**, adding covert routing capacity that helps other hackers hide traffic origin and reach **high-value targets**. The infrastructure...
UAT-7810 expands LapDogs ORB network to provide covert routing infrastructure
Threat Actor MetaAbout this happening: **UAT-7810** expanded its **LapDogs ORB network**, adding covert routing capacity that helps other hackers hide traffic origin and reach **high-value targets**. The infrastructure...
UAT-7810 Operational Relay Box network-building campaign
Campaign
H score39
First: 08.07.2026 12:04
Last: 08.07.2026 12:04
Sources 1
About this happening:
An **ongoing UAT-7810 campaign** is expanding **Operational Relay Box (ORB) networks** by breaking into **internet-facing networking devices**, increasing relay capacity for downs...
UAT-7810 Operational Relay Box network-building campaign
CampaignAbout this happening: An **ongoing UAT-7810 campaign** is expanding **Operational Relay Box (ORB) networks** by breaking into **internet-facing networking devices**, increasing relay capacity for downs...
StrikeShark SharkLoader and Cobalt Strike Beacon campaign
Campaign
H score42
First: 26.06.2026 21:17
Last: 26.06.2026 21:17
Sources 1
About this happening:
The **StrikeShark** campaign is deploying **SharkLoader** to load **Cobalt Strike Beacon** on compromised hosts, raising the risk of broader follow-on intrusion activity. It has t...
StrikeShark SharkLoader and Cobalt Strike Beacon campaign
CampaignAbout this happening: The **StrikeShark** campaign is deploying **SharkLoader** to load **Cobalt Strike Beacon** on compromised hosts, raising the risk of broader follow-on intrusion activity. It has t...
CL-STA-1062 Southeast Asia critical infrastructure campaign using TinyRCT
Campaign
H score18
First: 26.06.2026 13:30
Last: 26.06.2026 13:30
Sources 1
About this happening:
A **China-linked** campaign by **CL-STA-1062** is targeting **government entities** and **critical infrastructure** across **Southeast Asia**, with activity reaching **state-owned...
CL-STA-1062 Southeast Asia critical infrastructure campaign using TinyRCT
CampaignAbout this happening: A **China-linked** campaign by **CL-STA-1062** is targeting **government entities** and **critical infrastructure** across **Southeast Asia**, with activity reaching **state-owned...
China-nexus agentic tools attack campaign targeting Japanese technology and East Asian cybersecurity organizations
Campaign
H score31
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
A **China-nexus actor** used **agentic tools** in a targeted attack against a **Japanese technology firm** and an **East Asian cybersecurity platform**, showing how AI-driven orch...
China-nexus agentic tools attack campaign targeting Japanese technology and East Asian cybersecurity organizations
CampaignAbout this happening: A **China-nexus actor** used **agentic tools** in a targeted attack against a **Japanese technology firm** and an **East Asian cybersecurity platform**, showing how AI-driven orch...
Timeline
-
08.01.2026 18:00 2 articles · 6mo ago
UAT-7290 telecom espionage campaign disclosed
Initial DisclosureCisco Talos disclosed a long-running cyber-espionage campaign by UAT-7290 against telecommunications providers in South Asia, with recent expansion into Southeastern Europe. The activity targets high-value telecommunications infrastructure, focuses on gaining deep persistent access, and primarily compromises public-facing edge devices by exploiting one-day vulnerabilities in widely deployed networking products and using target-specific SSH brute-force techniques. The group also established Operational Relay Box (ORB) infrastructure to convert compromised systems into relay nodes for other China-nexus groups, and its tooling includes RushDrop, DriveSwitch, SilentRaid, and Bulbature.
Show sources
- China-Linked UAT-7290 Targets Telecom Networks in South Asia — www.infosecurity-magazine.com — 08.01.2026 18:00
- New China-linked hackers breach telcos using edge device exploits — www.bleepingcomputer.com — 09.01.2026 01:39