UAT-7290 targets high-value telecommunications infrastructure in South Asia
Cisco Talos has disclosed UAT-7290, a sophisticated China-nexus APT actor active since at least 2022 that targets telecommunications infrastructure in South Asia and is expanding into Southeastern Europe. UAT-7290 employs a malware suite that includes RushDrop, DriveSwitch, and SilentRaid, and it conducts extensive reconnaissance before intrusions. It may also establish Operational Relay Box (ORB) nodes for other threat actors.