A China-linked cyberespionage group has been conducting a targeted campaign against telecommunications providers in South America since 2024, utilizing a trio of malware tools to establish persistent access to critical infrastructure. The malware, tied to the UAT-9244 intrusion, has been linked to the infamous Sparrow and Tropic Trooper groups, known for their sophisticated cyberespionage operations. Researchers at Cisco Talos discovered the new malware tools, which are designed to evade detection and maintain long-term access to compromised systems. The campaign highlights the ongoing threat posed by China-linked cyberespionage groups to the global telecommunications sector. The use of customized malware tools demonstrates the group's ability to adapt and evolve their tactics to evade detection1. This campaign matters to practitioners because it underscores the need for telecommunications providers to enhance their security measures to prevent and detect such targeted attacks.