ctipilot.ch

UAT-8302

actor · actor:uat-8302 single-source

UAT-8302 — China-nexus APT targeting government entities in South America and southeastern Europe

Coverage timeline: 1 (first 2026-05-04 → last 2026-05-04)
Entries: 1 (1 distinct day)
Sources cited: 1 (1 host)
Sections touched: 1 (weekly-long-running)
Co-occurring entities: 0 (no co-occurrence)

Story timeline

  1. 2026-05-04 · weekly-long-running · UAT-8302 (China-nexus, Talos; SE European government victims)

Where this entity is cited

  • weekly-long-running: 1

Source distribution

  • blog.talosintelligence.com: 1 (100%)

Entries about UAT-8302 (1)

2026-05-04

UAT-8302 (China-nexus, Talos; SE European government victims)

notable synthesis discovered 2026-05-04 05:00 UTC single-source

Current state: long-term access operations against South American government networks since late 2024 and against southeastern European government agencies in 2025; the Talos disclosure published 2026-05-05 was the first detailed write-up. Tooling overlap links UAT-8302 to multiple clusters sharing a Chinese quartermaster (Ink Dragon, Earth Alux, Jewelbug, REF7707, LongNosedGoblin, Erudite Mogwai / Space Pirates). No new in-window developments beyond the original Talos disclosure (2026-05-05), and state/covered_items.json carries it as first-covered 2026-05-06. Outstanding defender question: whether the southeastern European government victim list will expand publicly. The initial-access CVE is not yet disclosed; Talos referenced post-compromise tooling (gogo scanner, Impacket, NetDraft/NosyDoor, CloudSorcerer v3.0, SNOWLIGHT/SNOWRUST, Deed RAT/Snappybee, Zingdoor, Draculoader, Stowaway, SoftEther VPN) rather than the entry vector.

nation-state espionage china-nexus europe global