UAT-9244 APT Campaign Targets Critical Telecom Networks
Cisco Talos researchers discovered a China-linked advanced persistent threat group designated UAT-9244 conducting sustained attacks against telecommunications infrastructure across South America. The campaign began in 2024 and continues to target critical network systems. CISA's vulnerability catalog tracks similar infrastructure-focused threats.
The threat group deploys three distinct malware implants designed to compromise different system types. Researchers identified connections between UAT-9244 and another known cluster called FamousSparrow, suggesting coordinated operations.
South American Telecom Operators Under Attack
The attacks specifically target telecommunications companies operating critical infrastructure in South America. The attackers compromise both Windows and Linux systems, as well as network edge devices that handle routing and switching functions.
The broad targeting approach indicates the attackers seek persistent access to telecommunications networks rather than focusing on specific vendors or technologies.
Three-Pronged Malware Strategy Deployed
UAT-9244 employs three separate implants tailored for different system architectures. The Windows implant targets desktop and server environments, while the Linux variant focuses on network infrastructure systems.
A third implant specifically targets edge devices, allowing attackers to maintain persistence at critical network chokepoints. Organizations should monitor network traffic for unusual patterns and apply security updates across all infrastructure components.




