UAT-9244
Intelligence Profile
UAT-9244 is a China-nexus APT actor, disclosed by Cisco Talos on March 5, 2026, assessed with high confidence as closely associated with Famous Sparrow and overlapping with Tropic Trooper. Active since 2024, it exclusively targets South American telecommunication providers, deploying three novel cross-platform malware families: TernDoor (Windows backdoor with DLL side-loading and evasion driver), PeerTime (Linux/embedded backdoor using BitTorrent for resilient C2), and BruteEntry (GoLang scanner turning edge devices into Operational Relay Boxes for SSH/Postgres/Tomcat brute-force). The campaign enables persistent access, remote command execution, lateral movement, and infrastructure relay via unified C2 with shared SSL certificates and domains like bloopencil.net.
Threat Analysis
UAT-9244 is a advanced-sophistication threat actor attributed to China, engaged in cyber operations with a primary motivation of espionage.
The group's espionage-oriented operations suggest a state-sponsored or state-aligned mandate, typically focused on stealing intellectual property, government secrets, or military intelligence. Targets are usually selected for strategic value rather than financial gain.
Classified as an advanced threat actor, UAT-9244 likely develops or acquires zero-day exploits, employs custom malware toolchains, and demonstrates long-term persistence capabilities — hallmarks of a well-resourced operation consistent with nation-state backing.
Known Campaigns
UAT-9244 is a espionage threat actor attributed to China. UAT-9244 is a China-nexus APT actor, disclosed by Cisco Talos on March 5, 2026, assessed with high confidence as closely associated with Famous Sparrow and overlapping with Tropic Trooper. Active since 2024, it exclusively targets South American telecommunication providers, deplo...