BleepingComputer reports that telecommunications providers across South America have been targeted by China-linked advanced persistent threat operation UAT-9244 with the newly discovered TernDoor and PeerTime backdoors for Windows and Linux, respectively, as well as the BruteEntry brute-force scanner, since 2024.UAT-9244, which is associated with the FamousSparrow and Tropic Trooper groups, leveraged DLL sideloading to deliver TernDoor, which exploits a Windows driver for process resumption or termination, an analysis from Cisco Talos researchers showed. Aside from enabling persistence through Windows Registry changes and scheduled tasks, TernDoor also permits remote shell command and arbitrary process execution, system information gathering, and self-removal.On the other hand, the ELF-based peer-to-peer PeerTime backdoor, which has C/C++ and Rust versions, allows the compromise of various architectures, including MIPS, ARM, PPC, and AARCH. Meanwhile, BruteEntry has been used by UAT-9244 to convert breached devices into operational relay boxes, which then facilitate SSH, Tomcat, and Postgres brute-forcing.
Malware, Threat Intelligence, Critical Infrastructure Security
Chinese APT taps novel malware in telco attacks

(Adobe Stock)
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



