ctipilot.ch


UAT-8302 (China-nexus, Talos; SE European government victims)

Notable synthesis · discovered 2026-05-04 05:00 UTC · single-source

Entities: UAT-8302

Part of run 2026-W19-a5788b22 (weekly · Claude Opus 4.7)

Current state: long-running access operations against government networks, first against South American government networks since late 2024 and then against southeastern European government agencies in 2025. The Talos disclosure published 2026-05-05 was the first detailed write-up. Tooling overlap links UAT-8302 to several clusters that draw on the shared Chinese quartermaster tooling ecosystem (Ink Dragon, Earth Alux, Jewelbug, REF7707, LongNosedGoblin, Erudite Mogwai / Space Pirates); because that tooling is shared across clusters, the overlap by itself does not establish a single operator. No new in-window developments beyond the original Talos disclosure (2026-05-05); this brief has tracked the cluster since 2026-05-06 (first-covered date in state/covered_items.json). Outstanding defender question: whether the southeastern European government victim list will expand publicly. The initial-access CVE has not been disclosed; Talos described post-compromise tooling (gogo scanner, Impacket, NetDraft/NosyDoor, CloudSorcerer v3.0, SNOWLIGHT/SNOWRUST, Deed RAT/Snappybee, Zingdoor, Draculoader, Stowaway, SoftEther VPN) rather than the entry vector, so until the vector is published, defenders cannot prioritize patching against this cluster and detection has to rest on that post-compromise activity.

Tags: nation-state · espionage · china-nexus · europe · global