UAT-9244 targets South American telecommunication providers with three new malware implants
ID: b74e0751-1838-5fea-b3d5-87c49c427f34
STIX ID: report--b74e0751-1838-5fea-b3d5-87c49c427f34
Feed Name: Cisco Talos
Cisco Talos details UAT-9244, a China-aligned APT targeting telecommunications infrastructure since 2024, deploying three implants: TernDoor (a Windows CrowDoor variant delivered via DLL side-loading and accompanied by a malicious driver), PeerTime (an ELF BitTorrent-based P2P backdoor for embedded/Linux systems), and BruteEntry (a Go-based brute-force scanner that establishes operational relay boxes to crack SSH/Postgres/Tomcat). The report includes technical analysis of infections, persistence, C2 mechanisms, associated infrastructure and certificates, numerous file and script hashes, IPs and domains, and detection signatures/IOCs for defenders.
