Find notable cyber news and cases, enriched with sources, timelines, and signals.

UAT-8302 government-targeting campaign across South America and southeastern Europe

Campaign
First reported
Last updated
Happening score
H score 28
1 unique sources, 1 articles

Summary

Hide ▲

The UAT-8302 campaign has been tied to attacks on government entities in South America and southeastern Europe, showing a multi-region operation with post-exploitation malware deployment. The group uses shared APT tooling including NetDraft/NosyDoor, CloudSorcerer, SNOWLIGHT, Deed RAT, Zingdoor, Draculoader, and SNOWRUST. The intrusion chain emphasizes reconnaissance, lateral movement, and VShell staging after foothold. Initial access remains unconfirmed, but suspected web application exploitation suggests continued pressure on exposed government environments.

Related Happenings

OceanLotus SPECTRALVIPER campaigns targeting Vietnam

Campaign
H score33 First: 11.06.2026 12:45 Last: 11.06.2026 12:45 Sources 1

About this happening: **OceanLotus** expanded its **Vietnam-focused espionage operations** with two attributed campaigns using **SPECTRALVIPER**, broadening risk to a **Vietnamese infrastructure and tr...

Secret Blizzard Kazuar modular P2P botnet

Malware Activity
H score28 First: 16.05.2026 17:15 Last: 16.05.2026 17:15 Sources 1

About this happening: **Kazuar** is being used in a **multi-stage campaign in Ukraine** that ESET says likely involves **Gamaredon** providing access and **Turla/Secret Blizzard** delivering the backdo...

MuddyWater broad cyber-espionage campaign across sectors and countries

Campaign
H score37 First: 14.05.2026 00:59 Last: 14.05.2026 00:59 Sources 1

About this happening: **MuddyWater** was tied to a **2026 espionage campaign** affecting **at least nine organizations** across **nine countries** on **four continents**, with victims in **industrial a...

Shadow-Aether-040 AI-augmented campaign against Mexican government entities

Campaign
H score41 First: 13.05.2026 16:00 Last: 13.05.2026 16:00 Sources 1

About this happening: The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...

SHADOW-EARTH-053 China-aligned espionage campaign against Asian government and defense targets

Campaign
H score39 First: 01.05.2026 17:02 Last: 01.05.2026 17:02 Sources 1

About this happening: **SHADOW-EARTH-053** is running an active **China-aligned espionage campaign** against **government and defense** targets across **South, East, and Southeast Asia** and **Poland**...

Timeline

  1. 05.05.2026 17:19 2 articles · 2mo ago

    UAT-8302 government-targeting campaign across South America and southeastern Europe

    Initial Disclosure

    Initial access is not yet confirmed, but the operation appears to start with **web application exploitation** before **network reconnaissance** and **lateral movement**. The earliest visible stage shifts the activity from foothold acquisition into payload staging and backdoor deployment.

    Show sources