"8302 targets government agencies. A key implant in these attacks is NetDraft, a .NET-based backdoor that Talos describes as a C# variant of the FinalDraft/SquidDoor family previously used by China-nexus actors such as Jewelbug, REF7707, and CL-STA-0049. During runtime, …"
T1087.002 Domain Account (93%)
", including PowerShell tools like “whatpc.ps1” to enumerate users, groups, network configuration, startup items, domain controllers, and domain admin memberships. The operators run ping sweeps and SMB scans with batch files and nbtscan, and they add more advanced scanners such…"
T1059.001 PowerShell (71%)
"exe or spoolsv.exe to collect system information, enumerate files, and retrieve C2 details from legitimate services such as GitHub or online profiles before contacting attacker-controlled infrastructure or cloud storage tokens. Another component is VShell, delivered via a gene…"
T1090.001 Internal Proxy (55%)
"MobaXterm may be dumped to pivot further across sensitive systems. To maintain flexible backdoor access, UAT-8302 sets up proxy chains and VPN tunnels inside victim environments. Open-source tools such as Stowaway, AnyProxy, and SoftEther VPN clients are used to tunnel traffi…"
T1133 External Remote Services (34%)
"suspicious VPN or proxy deployments, especially when combined with DLL side-loading patterns. Given UAT-8302’s focus on stealth and tool reuse, defenders should prioritize behavior-based detections and robust logging to spot these activities early. Follow us on Google New…"
Summary
<p>A new China-linked hacking group, tracked as UAT-8302, is using custom malware and open-source tools to spy on government organizations in South America and southeastern Europe. The campaign focuses on long-term access and data theft, combining advanced backdoors like NetDraft and CloudSorcerer with aggressive network reconnaissance and credential theft. Researchers assess with high confidence […]</p>
<p>The post <a href="https://gbhackers.com/uat-8302-targets-government-agencies/">UAT-8302 Targets Government Agencies With Custom Malware and Open-Source Tools</a> appeared first on <a href="https://gbhackers.com">GBHackers Security | #1 Globally Trusted Cyber Security News Platform</a>.</p>