A newly identified advanced persistent threat (APT) actor tracked as UAT-9244 has been targeting telecommunication service providers in South America since 2024. Cisco Talos researchers report overlaps with the FamousSparrow and Tropic Trooper groups but track UAT-9244 as a separate activity cluster, which the source attributes to Chinese state-backed operators. The toolkit comprises three previously undocumented malware families: TernDoor (a Windows backdoor), PeerTime (a Linux backdoor with BitTorrent capabilities), and BruteEntry (a brute-force scanner used to build out proxy infrastructure). The backdoors can execute commands through a remote shell, launch arbitrary processes, read and write files, collect system information, and uninstall themselves. Machines running BruteEntry are used to scan for new targets and brute-force access to SSH, PostgreSQL, and Tomcat. The indicators of compromise (IoCs) published by Cisco Talos let defenders detect and block known infrastructure early; because IoCs only cover infrastructure already observed, telecom operators should also watch for the brute-force behaviour itself, such as bursts of failed SSH, PostgreSQL, and Tomcat logins from a single source.
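As an added illustration of the behavioural detection mentioned above (this is example code written for this page, not Cisco Talos tooling and not derived from the BruteEntry malware), the following script flags the kind of credential-guessing BruteEntry performs against SSH and PostgreSQL: many failed logins from one source address, often across many usernames, within a short window. The log lines are constructed for the example; the PostgreSQL lines assume a `log_line_prefix` of `'%m [%p] %h '` so that the client address appears on each line, and syslog-style sshd lines, which carry no year, are given an assumed year. The threshold and window are assumptions to tune against real traffic.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not real telemetry). sshd lines follow the
# usual auth.log/syslog format; PostgreSQL lines assume log_line_prefix='%m [%p] %h '.
SAMPLE_LOGS = """\
Mar  3 02:14:01 db01 sshd[2201]: Failed password for invalid user admin from 198.51.100.23 port 41022 ssh2
Mar  3 02:14:03 db01 sshd[2203]: Failed password for invalid user oracle from 198.51.100.23 port 41030 ssh2
Mar  3 02:14:05 db01 sshd[2205]: Failed password for root from 198.51.100.23 port 41044 ssh2
Mar  3 02:14:06 db01 sshd[2207]: Failed password for invalid user test from 198.51.100.23 port 41051 ssh2
Mar  3 02:14:08 db01 sshd[2209]: Failed password for invalid user postgres from 198.51.100.23 port 41060 ssh2
Mar  3 02:14:09 db01 sshd[2211]: Accepted publickey for deploy from 203.0.113.7 port 51234 ssh2
Mar  3 02:20:11 db01 sshd[2250]: Failed password for alice from 203.0.113.7 port 51240 ssh2
2025-03-03 02:15:01.120 UTC [3301] 198.51.100.23 FATAL:  password authentication failed for user "postgres"
2025-03-03 02:15:02.410 UTC [3302] 198.51.100.23 FATAL:  password authentication failed for user "admin"
2025-03-03 02:15:03.900 UTC [3303] 198.51.100.23 FATAL:  password authentication failed for user "root"
2025-03-03 02:15:04.300 UTC [3304] 198.51.100.23 FATAL:  password authentication failed for user "test"
2025-03-03 02:15:05.700 UTC [3305] 198.51.100.23 FATAL:  password authentication failed for user "app"
"""

# sshd failed-password line; the "invalid user " prefix is optional.
SSHD_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)
# PostgreSQL failed-password line with the assumed '%m [%p] %h ' prefix.
PG_FAIL = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ \S+ \[\d+\] (?P<ip>[\d.]+) '
    r'FATAL:\s+password authentication failed for user "(?P<user>[^"]+)"'
)


def parse_events(text, assumed_year=2025):
    """Return (service, source_ip, username, timestamp) for each failed login."""
    events = []
    for line in text.splitlines():
        m = SSHD_FAIL.match(line)
        if m:
            # Syslog timestamps carry no year; supply one (assumption for the example).
            ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=assumed_year)
            events.append(("ssh", m.group("ip"), m.group("user"), ts))
            continue
        m = PG_FAIL.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            events.append(("postgres", m.group("ip"), m.group("user"), ts))
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Flag (service, ip) pairs with >= threshold failures inside any window_seconds span.

    Returns {(service, ip): {"failures": n, "users": [sorted usernames tried]}}.
    """
    by_source = defaultdict(list)
    for service, ip, user, ts in events:
        by_source[(service, ip)].append((ts, user))

    alerts = {}
    for key, attempts in by_source.items():
        attempts.sort()  # chronological order for the sliding window
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it fits inside window_seconds.
            while (attempts[end][0] - attempts[start][0]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                users = sorted({u for _, u in attempts[start:end + 1]})
                alerts[key] = {"failures": end - start + 1, "users": users}
    return alerts


if __name__ == "__main__":
    for (service, ip), info in detect_bruteforce(parse_events(SAMPLE_LOGS)).items():
        print(f"{service}: {ip} made {info['failures']} failed logins as {', '.join(info['users'])}")
```

Both bursts from 198.51.100.23 are flagged, while the single failure from 203.0.113.7 is not. The same sliding-window count can be applied to Tomcat access logs by matching HTTP 401 responses to the manager endpoints; the distinct-username list is what separates a scanner working through a wordlist from an operator mistyping a password, and a flagged address is a candidate to cross-check against the published IoCs.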
Source: https://www.bleepingcomputer.com/news/security/chinese-state-hackers-target-telcos-with-new-malware-toolkit