A Chinese-speaking advanced persistent threat (APT) actor has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term access within high-value victim environments.
The activity has been attributed by Cisco Talos to an activity cluster it tracks as UAT-7237, which is believed to be active since at least 2022.



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/08/taiwan-web-servers-breached-by-uat-7237.html