A China-linked advanced persistent threat group, tracked as UAT-8302, has been conducting targeted attacks against government entities in South America since late 2024 and in southeastern Europe in 2025. The group's tactics involve post-exploitation techniques, including the deployment of custom-made malware families. This state-aligned activity indicates a shift in the threat model from criminal to geopolitical, requiring a different approach to mitigation. The use of shared APT malware across regions suggests a high level of sophistication and coordination among the attackers. Cisco Talos has been monitoring the group's activities, providing valuable insights into their techniques and motivations. The fact that UAT-8302 is targeting government agencies using shared malware [1] highlights the need for a proactive and informed defense strategy. This threat matters to practitioners because it signals a geopolitical dimension to cyber attacks, necessitating a more nuanced understanding of the threat landscape and a tailored response to state-aligned activity.
China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions
⚠️ Critical Alert
Why This Matters
State-aligned activity tracked by Cisco Talos shifts the threat model from criminal to geopolitical, so a different playbook is required.
References
- The Hacker News. (2026, May 5). China-Linked UAT-8302 Targets Governments Using Shared APT Malware Across Regions. The Hacker News. https://thehackernews.com/2026/05/china-linked-uat-8302-targets.html