
Chinese-Linked Hackers Target South Asian Infrastructure with Advanced Malware Arsenal

Cisco Talos uncovers UAT-7290, a threat group infiltrating critical infrastructure with state-backed cyber operations since 2022.
Content Team

Cisco Talos researchers have exposed UAT-7290, a sophisticated threat group active since 2022 that has been infiltrating critical infrastructure across South Asia. The group deploys a custom malware toolkit, including RushDrop, DriveSwitch, and SilentRaid, to establish persistent access and conduct espionage operations.

The group primarily targets telecommunications providers but has recently expanded into Southeastern Europe. It uses one-day exploits (exploits for vulnerabilities that already have a vendor patch available) and SSH brute-force attacks to compromise internet-facing edge devices, then moves laterally deep into victim networks. Beyond espionage, UAT-7290 also converts infected systems into operational relay boxes (ORBs), proxy infrastructure that other Chinese threat actors can route their own operations through.
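The SSH brute-force initial access described above is one of the few techniques on this page a defender can check for directly. The following is an added example, not code from Talos or from the article: a small detector that parses OpenSSH "Failed password" and "Accepted" lines from a traditional syslog-format auth log, flags any source address that produces a burst of failures inside a sliding time window, and reports whether that same address subsequently logged in successfully (the pattern that matters most on an edge device). The log lines are constructed for illustration, and the threshold, window size, and assumed log year are assumptions to tune for your environment.

```python
"""Added example: flag SSH password brute-force bursts in sshd log lines.

Not from the Talos report or the article. SAMPLE_LOG is constructed;
threshold, window and the assumed year are illustrative assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime

# OpenSSH auth lines in traditional syslog format (no year in the timestamp).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)

# Constructed sample: one source spraying several accounts and then getting in,
# plus one legitimate user who mistyped a password once and then used a key.
SAMPLE_LOG = """\
Mar  3 10:00:01 edge1 sshd[2231]: Failed password for root from 203.0.113.7 port 51012 ssh2
Mar  3 10:00:02 edge1 sshd[2233]: Failed password for invalid user admin from 203.0.113.7 port 51014 ssh2
Mar  3 10:00:03 edge1 sshd[2235]: Failed password for invalid user oracle from 203.0.113.7 port 51016 ssh2
Mar  3 10:00:04 edge1 sshd[2237]: Failed password for root from 203.0.113.7 port 51018 ssh2
Mar  3 10:00:05 edge1 sshd[2239]: Failed password for invalid user test from 203.0.113.7 port 51020 ssh2
Mar  3 10:00:06 edge1 sshd[2241]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 10:00:07 edge1 sshd[2243]: Accepted password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:05:00 edge1 sshd[2301]: Failed password for alice from 198.51.100.9 port 40100 ssh2
Mar  3 10:05:04 edge1 sshd[2303]: Accepted publickey for alice from 198.51.100.9 port 40100 ssh2
"""


def parse_ts(stamp, year=2025):
    """Traditional syslog timestamps omit the year; the caller supplies it (assumption)."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(log_text, threshold=5, window_s=60, year=2025):
    """Return {ip: details} for every source with >= threshold failed-password
    events inside any window_s-second span. details["success_after"] lists
    logins accepted from that source after its first failure."""
    failures = defaultdict(list)  # ip -> [(ts, user)]
    accepted = defaultdict(list)  # ip -> [(ts, user, method)]
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            failures[m["ip"]].append((parse_ts(m["ts"], year), m["user"]))
            continue
        m = ACCEPTED_RE.match(line)
        if m:
            accepted[m["ip"]].append((parse_ts(m["ts"], year), m["user"], m["method"]))

    alerts = {}
    for ip, events in failures.items():
        events.sort()
        times = [t for t, _ in events]
        # Sliding window: widest run of failures that fits inside window_s seconds.
        start, peak = 0, 0
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak < threshold:
            continue
        first_fail = times[0]
        success = [(u, meth) for t, u, meth in accepted.get(ip, []) if t >= first_fail]
        alerts[ip] = {
            "failures": len(events),
            "peak_in_window": peak,
            "users": sorted({u for _, u in events}),
            "success_after": success,
        }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A single source cycling through root, admin, oracle, and test within seconds is flagged; the one failed attempt from 198.51.100.9 is not. The `success_after` field is the part worth paging on: a password login accepted from an address that was just brute-forcing is an intrusion, not noise. Password authentication being reachable on an edge device at all is the underlying weakness; this detector is a compensating check, not a substitute for disabling it.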

Cisco's analysis reveals significant overlaps with known Chinese military unit PLA 69010, suggesting state-sponsored backing for these ongoing cyber operations.

Source: Industrial Cyber
