Find notable cyber news and cases, enriched with sources, timelines, and signals.

UAT-9244 South America telecom targeting campaign

Campaign
First reported
Last updated
Happening score
H score 33
2 unique sources, 2 articles

Summary

Hide ▲

UAT-9244 is a China-linked campaign targeting telecommunication providers in South America since 2024. It compromises Windows, Linux, and edge devices to expand access across telecom environments. The campaign uses three implants—TernDoor, PeerTime, and BruteEntry—along with DLL side-loading, in-memory execution, and BitTorrent-based C2 retrieval. One documented phase centers on TernDoor on Windows hosts, while BruteEntry is used on edge devices for mass-scanning proxy nodes and brute-force attempts against Postgres, SSH, and Tomcat.

Related Happenings

UAT-7810 expands LapDogs ORB network to provide covert routing infrastructure

Threat Actor Meta
H score29 First: 08.07.2026 17:30 Last: 08.07.2026 17:30 Sources 1

About this happening: **UAT-7810** expanded its **LapDogs ORB network**, adding covert routing capacity that helps other hackers hide traffic origin and reach **high-value targets**. The infrastructure...

Calypso telecommunications espionage campaign using Showboat and JFMBackdoor

Campaign
H score36 First: 21.05.2026 17:00 Last: 21.05.2026 17:00 Sources 1

About this happening: A **Calypso / Red Lamassu** espionage campaign is targeting **telecommunications providers** with new **Showboat** and **JFMBackdoor** malware, increasing the risk of long-term co...

Sqgame[.]net gaming platform hit by network compromise

Incident
H score10 First: 05.05.2026 18:00 Last: 05.05.2026 18:00 Sources 1

About this happening: The **sqgame[.]net** gaming platform was **compromised**, and its **Windows** and **Android** software were **trojanized** to deliver malicious code to users, putting a regional e...

UAT-8302 government-targeting campaign across South America and southeastern Europe

Campaign
H score28 First: 05.05.2026 17:19 Last: 05.05.2026 17:19 Sources 1

About this happening: The **UAT-8302** campaign has been tied to attacks on **government entities** in **South America** and **southeastern Europe**, showing a multi-region operation with post-exploita...

ScarCruft sqgame[.]net supply-chain espionage campaign

Campaign
H score8 First: 05.05.2026 12:07 Last: 05.05.2026 12:07 Sources 1

About this happening: **ScarCruft**'s **late-2024** supply-chain campaign against **sqgame[.]net** expanded a niche gaming platform compromise into a **multi-platform espionage channel**. The operation...

Timeline

  1. 06.03.2026 10:22 2 articles · 4mo ago

    UAT-9244 South America telecommunications targeting campaign

    Initial Disclosure

    The first documented phase centers on **TernDoor** targeting **Windows** hosts through **DLL side-loading** with `wsprint.exe` and `BugSplatRc64.dll`. After launch, it loads in memory and establishes persistence through a scheduled task or the Registry Run key.

    Show sources
  2. 06.03.2026 01:19 2 articles · 4mo ago

    UAT-9244 telecom campaign analysis and IoCs

    Technical Analysis Update

    A China-linked activity cluster tracked as UAT-9244 is analyzed as targeting telecommunication service providers in South America since 2024, compromising Windows, Linux, and network-edge devices with three previously undocumented malware families: TernDoor, PeerTime, and BruteEntry. The activity uses DLL side-loading, BitTorrent-based C2, brute-force scanning against SSH, Postgres, and Tomcat, and published IoCs support early detection and blocking.

    Show sources