UAT-7290 targets high-value telecommunications infrastructure in South Asia

released on 2026-01-08 @ 04:30:51 PM
UAT-7290, a sophisticated threat actor active since 2022, is targeting critical infrastructure entities in South Asia, particularly telecommunications providers. The group's arsenal includes malware families like RushDrop, DriveSwitch, SilentRaid, and Bulbature. UAT-7290 conducts extensive reconnaissance before intrusions, using one-day exploits and SSH brute force to compromise edge devices. The actor is believed to be a China-nexus APT, sharing similarities with APT10 and other known Chinese threat groups. UAT-7290 has recently expanded its targeting to Southeastern Europe and may establish Operational Relay Boxes for other China-nexus actors. Their malware suite primarily focuses on Linux systems but can also utilize Windows-based implants.