UAT-8302 government-targeting campaign across South America and southeastern Europe
Campaign
Summary
Hide ▲
Show ▼
The UAT-8302 campaign has been tied to attacks on government entities in South America and southeastern Europe, showing a multi-region operation with post-exploitation malware deployment. The group uses shared APT tooling including NetDraft/NosyDoor, CloudSorcerer, SNOWLIGHT, Deed RAT, Zingdoor, Draculoader, and SNOWRUST. The intrusion chain emphasizes reconnaissance, lateral movement, and VShell staging after foothold. Initial access remains unconfirmed, but suspected web application exploitation suggests continued pressure on exposed government environments.
Related Happenings
OceanLotus SPECTRALVIPER campaigns targeting Vietnam
Campaign
H score33
First: 11.06.2026 12:45
Last: 11.06.2026 12:45
Sources 1
About this happening:
**OceanLotus** expanded its **Vietnam-focused espionage operations** with two attributed campaigns using **SPECTRALVIPER**, broadening risk to a **Vietnamese infrastructure and tr...
OceanLotus SPECTRALVIPER campaigns targeting Vietnam
CampaignAbout this happening: **OceanLotus** expanded its **Vietnam-focused espionage operations** with two attributed campaigns using **SPECTRALVIPER**, broadening risk to a **Vietnamese infrastructure and tr...
Secret Blizzard Kazuar modular P2P botnet
Malware Activity
H score28
First: 16.05.2026 17:15
Last: 16.05.2026 17:15
Sources 1
About this happening:
**Kazuar** is being used in a **multi-stage campaign in Ukraine** that ESET says likely involves **Gamaredon** providing access and **Turla/Secret Blizzard** delivering the backdo...
Secret Blizzard Kazuar modular P2P botnet
Malware ActivityAbout this happening: **Kazuar** is being used in a **multi-stage campaign in Ukraine** that ESET says likely involves **Gamaredon** providing access and **Turla/Secret Blizzard** delivering the backdo...
MuddyWater broad cyber-espionage campaign across sectors and countries
Campaign
H score37
First: 14.05.2026 00:59
Last: 14.05.2026 00:59
Sources 1
About this happening:
**MuddyWater** was tied to a **2026 espionage campaign** affecting **at least nine organizations** across **nine countries** on **four continents**, with victims in **industrial a...
MuddyWater broad cyber-espionage campaign across sectors and countries
CampaignAbout this happening: **MuddyWater** was tied to a **2026 espionage campaign** affecting **at least nine organizations** across **nine countries** on **four continents**, with victims in **industrial a...
Shadow-Aether-040 AI-augmented campaign against Mexican government entities
Campaign
H score41
First: 13.05.2026 16:00
Last: 13.05.2026 16:00
Sources 1
About this happening:
The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...
Shadow-Aether-040 AI-augmented campaign against Mexican government entities
CampaignAbout this happening: The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...
SHADOW-EARTH-053 China-aligned espionage campaign against Asian government and defense targets
Campaign
H score39
First: 01.05.2026 17:02
Last: 01.05.2026 17:02
Sources 1
About this happening:
**SHADOW-EARTH-053** is running an active **China-aligned espionage campaign** against **government and defense** targets across **South, East, and Southeast Asia** and **Poland**...
SHADOW-EARTH-053 China-aligned espionage campaign against Asian government and defense targets
CampaignAbout this happening: **SHADOW-EARTH-053** is running an active **China-aligned espionage campaign** against **government and defense** targets across **South, East, and Southeast Asia** and **Poland**...
Timeline
-
05.05.2026 17:19 2 articles · 2mo ago
UAT-8302 government-targeting campaign across South America and southeastern Europe
Initial DisclosureInitial access is not yet confirmed, but the operation appears to start with **web application exploitation** before **network reconnaissance** and **lateral movement**. The earliest visible stage shifts the activity from foothold acquisition into payload staging and backdoor deployment.
Show sources
- China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions — thehackernews.com — 05.05.2026 17:19
- China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions — thehackernews.com — 05.05.2026 17:19