Cisco Talos has reported a China-linked threat actor known as UAT-7290 that has been spying on telecommunications companies since 2022. The group uses Linux malware, exploits on edge devices, and ORB infrastructure to maintain access to targeted networks.
Cisco Talos, a cybersecurity firm, has detailed the activities of UAT-7290, a threat actor linked to China, in a recent analysis. This group has focused its espionage efforts on the telecommunications sector, initiating operations as early as 2022.
The primary tools in UAT-7290's arsenal include custom Linux malware designed to infiltrate and persist within telecom environments. These malicious programs allow the actors to exfiltrate sensitive data and monitor network traffic undetected.
In addition to the malware, UAT-7290 exploits vulnerabilities in edge devices, which serve as entry points into broader telecom infrastructures. Once inside, the group deploys ORB nodes—specialized components of their infrastructure—to ensure long-term access and control over compromised systems.
This campaign highlights ongoing risks to critical infrastructure in the telecom industry, where persistent threats can lead to significant data compromises. Cisco Talos's findings underscore the sophistication of state-linked operations, emphasizing the need for robust defenses against such targeted intrusions.
No specific victims or additional technical details beyond these methods were disclosed in the report, but the focus on telecoms suggests strategic interests in communication networks.
