A China-linked hacking group tracked as UAT-8302 has been conducting targeted intrusions against government institutions in South America and southeastern Europe, deploying custom-built malware in what researchers at Cisco Talos describe as an ongoing advanced persistent threat campaign stretching from late 2024 into 2025.

Cisco Talos has identified a sophisticated Chinese state-linked hacking group, UAT-8302, that has been systematically targeting government institutions in South America since late 2024 and southeastern Europe in 2025, in what appears to be a coordinated espionage campaign spanning multiple continents.