UAT-8302 government-targeting campaign across South America and southeastern Europe
Campaign
Summary
The UAT-8302 campaign has been tied to attacks on government entities in South America and southeastern Europe, showing a multi-region operation with post-exploitation malware deployment. The group uses shared APT tooling including NetDraft/NosyDoor, CloudSorcerer, SNOWLIGHT, Deed RAT, Zingdoor, Draculoader, and SNOWRUST. The intrusion chain emphasizes reconnaissance, lateral movement, and VShell staging after foothold. Initial access remains unconfirmed, but suspected web application exploitation suggests continued pressure on exposed government environments.
Related Happenings
Secret Blizzard Kazuar modular P2P botnet
Malware Activity
First: 16.05.2026 17:15
Last: 16.05.2026 17:15
Sources 1
About this happening:
**Kazuar** is being used in a **multi-stage campaign in Ukraine** that ESET says likely involves **Gamaredon** providing access and **Turla/Secret Blizzard** delivering the backdo...
MuddyWater broad cyber-espionage campaign across sectors and countries
Campaign
First: 14.05.2026 00:59
Last: 14.05.2026 00:59
Sources 1
About this happening:
**MuddyWater** was tied to a **2026 espionage campaign** affecting **at least nine organizations** across **nine countries** on **four continents**, with victims in **industrial a...
Shadow-Aether-040 AI-augmented campaign against Mexican government entities
Campaign
First: 13.05.2026 16:00
Last: 13.05.2026 16:00
Sources 1
About this happening:
The **Shadow-Aether-040** campaign used **AI agents** and custom tooling to compromise **six government entities in Mexico**, increasing the risk of follow-on intrusion and **data...
SHADOW-EARTH-053 China-aligned espionage campaign against Asian government and defense targets
Campaign
First: 01.05.2026 17:02
Last: 01.05.2026 17:02
Sources 1
About this happening:
**SHADOW-EARTH-053** is running an active **China-aligned espionage campaign** against **government and defense** targets across **South, East, and Southeast Asia** and **Poland**...
Mongolian governmental institution hit by network compromise
Incident
First: 23.04.2026 12:04
Last: 23.04.2026 12:04
Sources 1
About this happening:
A **Mongolian governmental institution** was found to have **about 12 systems** infected by **GopherWhisper** backdoors, exposing a live government compromise and the potential fo...
Timeline
- 05.05.2026 17:19 · 2 articles · 22d ago
UAT-8302 government-targeting campaign across South America and southeastern Europe
Initial Disclosure
Initial access is not yet confirmed, but the operation appears to start with **web application exploitation** before **network reconnaissance** and **lateral movement**. The earliest visible stage shifts the activity from foothold acquisition into payload staging and backdoor deployment.
- China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions — thehackernews.com — 05.05.2026 17:19
- China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions — thehackernews.com — 05.05.2026 17:19