UAT-9244 South America telecom targeting campaign

Campaign
H score 37
2 unique sources, 2 articles

Summary

UAT-9244 is a China-linked campaign targeting telecommunication providers in South America since 2024. It compromises Windows, Linux, and edge devices to expand access across telecom environments. The campaign uses three implants—TernDoor, PeerTime, and BruteEntry—along with DLL side-loading, in-memory execution, and BitTorrent-based C2 retrieval. One documented phase centers on TernDoor on Windows hosts, while BruteEntry is used on edge devices for mass-scanning proxy nodes and brute-force attempts against Postgres, SSH, and Tomcat.

Related Happenings

Calypso telecommunications espionage campaign using Showboat and JFMBackdoor

Campaign
First: 21.05.2026 17:00 Last: 21.05.2026 17:00 Sources 1

About this happening: A **Calypso / Red Lamassu** espionage campaign is targeting **telecommunications providers** with new **Showboat** and **JFMBackdoor** malware, increasing the risk of long-term co...

Sqgame[.]net gaming platform hit by network compromise

Incident
First: 05.05.2026 18:00 Last: 05.05.2026 18:00 Sources 1

About this happening: The **sqgame[.]net** gaming platform was **compromised**, and its **Windows** and **Android** software were **trojanized** to deliver malicious code to users, putting a regional e...

UAT-8302 government-targeting campaign across South America and southeastern Europe

Campaign
First: 05.05.2026 17:19 Last: 05.05.2026 17:19 Sources 1

About this happening: The **UAT-8302** campaign has been tied to attacks on **government entities** in **South America** and **southeastern Europe**, showing a multi-region operation with post-exploita...

ScarCruft sqgame[.]net supply-chain espionage campaign

Campaign
First: 05.05.2026 12:07 Last: 05.05.2026 12:07 Sources 1

About this happening: **ScarCruft**'s **late-2024** supply-chain campaign against **sqgame[.]net** expanded a niche gaming platform compromise into a **multi-platform espionage channel**. The operation...

Tropic Trooper trojanized SumatraPDF remote-access campaign

Campaign
First: 24.04.2026 12:29 Last: 24.04.2026 12:29 Sources 1

About this happening: **Tropic Trooper** is running an active **campaign** that uses a **trojanized SumatraPDF** lure to plant **AdaptixC2 Beacon** and later abuse **VS Code tunnels** for remote access...

Timeline

  1. 06.03.2026 10:22 2 articles · 2mo ago

    UAT-9244 South America telecommunications targeting campaign

    Initial Disclosure

    The first documented phase centers on **TernDoor** targeting **Windows** hosts through **DLL side-loading** with `wsprint.exe` and `BugSplatRc64.dll`. After launch, it loads in memory and establishes persistence through a scheduled task or the Registry Run key.

  2. 06.03.2026 01:19 2 articles · 2mo ago

    UAT-9244 telecom campaign analysis and IoCs

    Technical Analysis Update

    The analysis describes UAT-9244, a China-linked activity cluster, as targeting telecommunication service providers in South America since 2024 and compromising Windows, Linux, and network-edge devices with three previously undocumented malware families: TernDoor, PeerTime, and BruteEntry. The activity uses DLL side-loading, BitTorrent-based C2, and brute-force scanning against SSH, Postgres, and Tomcat. The published IoCs support early detection and blocking.