APT / THREAT GROUP
UAT-8616
Aliases: 1
Last seen: Mar 17, 2026
Intelligence Profile
UAT-8616 is a highly sophisticated cyber threat actor attributed by Cisco Talos, with evidence of activity dating back to at least 2023. They have been observed exploiting CVE-2026-20127 in the wild and previously exploited CVE-2022-20775 by escalating to root user access through a software version downgrade. Their operations indicate a focus on targeting network edge devices to establish persistent footholds in high-value organizations, including Critical Infrastructure sectors.
Threat Analysis
UAT-8616 is a threat actor of known sophistication and undetermined national origin, engaged in cyber operations; its primary motivation is unknown.
Intelligence Reports Mentioning UAT-8616
Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026
SecurityWeek · May 15, 2026
Active exploitation of Cisco Catalyst SD-WAN by UAT-8616
Talos Blog · Feb 25, 2026
Quick Facts
Type: APT / Threat Group
Aliases: 1
Source: Malpedia
Also Known As
UAT-8616
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.