A China-linked hacking group tracked as UAT-8302 has been conducting targeted intrusions against government institutions in South America and southeastern Europe, deploying custom-built malware in what researchers at Cisco Talos describe as an ongoing advanced persistent threat campaign stretching from late 2024 into 2025.