China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

Security Affairs
Actively Exploited

Overview

The China-linked threat actor UAT-7290 has been conducting espionage against telecom providers in South Asia and Southeastern Europe since at least 2022. The group deploys modular malware, including the tools tracked as RushDrop, DriveSwitch, and SilentRaid, to gain and keep access to victim networks. According to the source, the actor embeds itself deeply in those networks and maintains access over long periods, which is what makes telecom targets valuable: a foothold in an operator's infrastructure exposes subscriber communications and metadata, not just the operator's own data. The campaign is ongoing, so telecom operators in the affected regions should treat it as a persistent intrusion threat rather than a one-off incident.

Key Takeaways

  • Active Campaign: This is an ongoing intrusion campaign by a named threat actor, not a single software vulnerability; the source does not tie it to a specific CVE. Telecom operators in the affected regions should assume they are in scope.
  • Affected Systems: Telecom providers in South Asia and Southeastern Europe
  • Action Required: Telecom companies should hunt for the named malware families and for signs of long-term persistence in their networks, review network segmentation and administrative access, run regular security audits, and monitor for unusual activity.
  • Timeline: Ongoing since 2022

Original Article Summary

China-linked UAT-7290 has targeted South Asia and Southeastern Europe since 2022, conducting espionage and deploying RushDrop, DriveSwitch, and SilentRaid. China-linked threat actor UAT-7290 has conducted espionage attacks since at least 2022, targeting South Asia and Southeastern Europe. UAT-7290 primarily targets telecom providers; it conducts espionage by deeply embedding in victim networks and also operates Operational […]

Impact

Telecom providers in South Asia and Southeastern Europe

Exploitation Status

The source describes an active, ongoing espionage campaign by a threat actor, not a specific software vulnerability, so there is no single patch that closes it. Organizations in the targeted sector should prioritize hunting for the named malware families and for unauthorized long-term access, and harden the network and identity controls an intruder would rely on to stay embedded.

Timeline

Ongoing since 2022

Remediation

Telecom companies should strengthen network security controls, run regular security audits, hunt for the RushDrop, DriveSwitch, and SilentRaid tooling and for other signs of long-term persistence, and monitor for unusual activity. Because the source reports that the actor embeds deeply in victim networks, remediation should assume that an initial foothold may have been followed by additional access that also needs to be found and removed.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Espionage, Malware.

Related Coverage

ShinyHunters Claims Rockstar Games Snowflake Breach via Anodot

Hackread – Cybersecurity News, Data Breaches, AI and More

ShinyHunters, a known hacking group, claims to have gained access to data from Rockstar Games' Snowflake platform due to a breach involving Anodot, a data analytics company. They have threatened to leak this data on April 14 unless their ransom demands are met. This incident raises concerns about the security of sensitive information related to Rockstar, a major player in the gaming industry. If the breach is legitimate, it could expose user data and proprietary information, impacting both the company and its customers. The situation is still developing, and Rockstar Games has not yet confirmed the breach or provided details on any potential data compromise.

Apr 11, 2026

US Treasury to offer free cybersecurity intelligence to crypto firms

SCM feed for Latest

The U.S. Treasury Department's Office of Cybersecurity and Critical Infrastructure Protection has announced a new initiative aimed at sharing cyber threat intelligence with cryptocurrency firms. This program is designed to help these companies better identify, prevent, and respond to cyber threats, especially as attacks on the crypto sector grow more frequent and sophisticated. The initiative comes in response to increasing concerns over security vulnerabilities in the cryptocurrency market, which has become a prime target for cybercriminals. By providing free intelligence resources, the Treasury hopes to strengthen the security posture of these firms and protect consumers. This move reflects a broader recognition of the need for enhanced security measures in the rapidly evolving digital currency landscape.

Apr 10, 2026

Hims Breach Exposes the Most Sensitive Kinds of PHI

darkreading

Hims, a telehealth company, has suffered a data breach that exposes sensitive personal health information (PHI) of its users. The breach could reveal details about users' conditions, such as baldness, obesity, or erectile dysfunction. The attackers may misuse this data for identity theft, targeted phishing scams, or other malicious activities. This incident raises serious concerns about the protection of personal health data in the telehealth sector, highlighting the ongoing challenges companies face in safeguarding sensitive information. Users of Hims should be vigilant about potential phishing attempts and monitor their accounts for unusual activity.

Apr 10, 2026

Your Next Breach Will Look Like Business as Usual

darkreading

Cybersecurity teams are facing an increasing number of credential-based attacks, which are becoming more sophisticated and harder to detect. To combat this trend, experts suggest that teams need to shift their detection models to better identify these threats as they evolve. This includes adapting to the changing tactics used by attackers, who often disguise their activities to look like normal business operations. As organizations continue to rely on digital credentials for access, the risk of these types of attacks grows, potentially leading to significant data breaches and financial losses. Companies must stay vigilant and update their security strategies to protect against these emerging threats.

Apr 10, 2026

Bessent, Powell met privately with top bankers over impact of Claude Mythos on cybersecurity

SCM feed for Latest

In recent discussions, cybersecurity experts have raised alarms about the implications of Claude Mythos for cybersecurity across a range of organizations. Financial institutions, particularly those that traditionally invest less in cybersecurity than the largest banks, are urged to take immediate action to bolster their defenses. The private meeting between Bessent and Powell and top bankers indicates growing concern about vulnerabilities that attackers could exploit. As cyber threats continue to evolve, companies must prioritize their cybersecurity strategies to protect sensitive data and maintain customer trust. The conversation underscores the need for proactive measures in an increasingly digital landscape.

Apr 10, 2026

Your router may be vulnerable to Russian hackers, FBI warns: 5 steps to take now

Latest news

The FBI and NSA have issued a warning about Russian hackers taking advantage of vulnerabilities in routers. These attackers are reportedly exploiting weaknesses to gain unauthorized access to networks, potentially compromising personal and corporate data. This issue affects a wide range of router models, but specific brands and versions have not been disclosed. Users and businesses are encouraged to take proactive measures to secure their routers, as these vulnerabilities could lead to significant security breaches. Ensuring that firmware is updated and default settings are changed are among the recommended steps to mitigate the risk.

Apr 10, 2026