Malware, Threat Intelligence, Critical Infrastructure Security

Chinese APT taps novel malware in telco attacks

China Flag Made of Binary Code and Chinese Symbols on Red Backgr

BleepingComputer reports that telecommunications providers across South America have been targeted by China-linked advanced persistent threat operation UAT-9244 with the newly discovered TernDoor and PeerTime backdoors for Windows and Linux, respectively, as well as the BruteEntry brute-force scanner, since 2024.

UAT-9244, which is associated with the FamousSparrow and Tropic Trooper groups, leveraged DLL sideloading to deliver TernDoor, which exploits a Windows driver for process resumption or termination, an analysis from Cisco Talos researchers showed. Aside from enabling persistence through Windows Registry changes and scheduled tasks, TernDoor also permits remote shell command and arbitrary process execution, system information gathering, and self-removal.

On the other hand, the ELF-based peer-to-peer PeerTime backdoor, which has C/C++ and Rust versions, allows the compromise of various architectures, including MIPS, ARM, PPC, and AARCH. Meanwhile, BruteEntry has been used by UAT-9244 to convert breached devices into operational relay boxes, which then facilitate SSH, Tomcat, and Postgres brute-forcing.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds