A China-linked advanced persistent threat actor, tracked as UAT-9244, has been targeting South American telecommunications infrastructure since 2024, compromising Windows, Linux, and edge devices with customized implants, including TernDoor, PeerTime, and BruteEntry [1]. The actor is closely associated with another cluster, FamousSparrow, and has been observed using these implants to gain persistence and evade detection. The attacks have significant implications for the security of critical infrastructure, as they indicate a shift from financially motivated crime to state-aligned activity. The use of customized implants and the targeting of specific regions suggest a high degree of sophistication and planning. This activity has been tracked by Cisco Talos, which has highlighted the importance of understanding the threat model associated with state-aligned actors. For practitioners, what matters is that state-aligned activity requires a different approach to security, one that takes into account the geopolitical motivations and capabilities of these threat actors.
China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks
⚠️ Critical Alert
Why This Matters
State-aligned activity tracked by Cisco Talos shifts the threat model from criminal to geopolitical, so a different playbook is required.
References
- The Hacker News. (2026, March 6). China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks. The Hacker News. https://thehackernews.com/2026/03/china-linked-hackers-use-terndoor.html
Original Source
The Hacker News