A Chinese-speaking advanced persistent threat (APT) group has been identified as focusing on web infrastructure organizations in Taiwan by utilizing tailored variations of open-source tools, intending to secure prolonged access within high-value target environments.
This operation has been linked by Cisco Talos to an activity cluster it refers to as UAT-7237, which is thought to have been operational since at least 2022.