China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions

Ravie Lakshmanan, May 05, 2026. Network Security / Endpoint Security

What’s new

A China-linked advanced persistent threat (APT) group, tracked as UAT-8302, has been targeting government entities in South America since late 2024 and in southeastern Europe in 2025. The group utilizes custom malware, including a .NET-based backdoor called NetDraft, which is linked to other China-aligned hacking groups. UAT-8302 employs various tools such as CloudSorcerer, SNOWLIGHT, and Deed RAT, indicating a sophisticated level of collaboration with other threat actors.

Who’s affected

Government agencies in South America and southeastern Europe are the primary targets of UAT-8302. Russian IT organizations have also been targeted using similar malware.

What to do

  • Implement robust network monitoring to detect unusual activity indicative of APT behavior.
  • Regularly update and patch web applications to mitigate exploitation risks from zero-day and N-day vulnerabilities.
  • Conduct thorough reconnaissance and vulnerability assessments to identify potential entry points for attackers.
  • Utilize endpoint protection solutions that can detect and block known malware families associated with UAT-8302.
