■■■□□ A Chinese-speaking advanced persistent threat (APT) actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open-source tools, with the aim of establishing long-term access within high-value victim environments.
Cisco Talos has attributed the activity to a cluster it tracks as UAT-7237, which is believed to have been active since at least 2022. The hacking group is assessed to be a sub-group of UAT-5918, which is known to have been attacking critical infrastructure entities in Taiwan as far back as 2023.
https://thehackernews.com/2025/08/taiwan-web-servers-breached-by-uat-7237.html
