ATLA WIRE

China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks

09.03.2026
China-linked UAT-9244 targets South American telecom networks with TernDoor, PeerTime, and BruteEntry malware on Windows, Linux, and edge devices.

BREAKING: China-Linked Hackers Hit South American Telecoms

Hold up — China-linked threat actor UAT-9244 is going HARD on South American telecom networks. They're deploying a nasty trio of malware: TernDoor, PeerTime, and BruteEntry. This isn't just Windows — they're hitting Linux systems and edge devices too. Full-spectrum attack mode activated.
Cisco Talos just dropped the intel — these ops are pure cyber espionage. They're after telecom infrastructure across multiple South American countries. Think data exfiltration, network persistence, the whole spy game.
  • TernDoor: Custom backdoor for Windows/Linux
  • PeerTime: Linux malware for command execution
  • BruteEntry: SSH brute-force tool for edge devices
The malware stack is engineered for stealth. TernDoor uses encrypted C2 comms, PeerTime masquerades as legitimate processes, and BruteEntry just hammers SSH credentials until something gives. This is coordinated, professional-grade hacking.
UAT-9244 has been active since at least 2023. Their TTPs (tactics, techniques, procedures) show clear Chinese state-sponsored patterns. They're not amateurs — this is nation-level cyber ops targeting critical infrastructure.

The attack chain starts with initial access (phishing, exploits), then lateral movement using the malware toolkit. Once they're in, they establish persistent footholds across the network. Telecoms = high-value targets for intelligence gathering and potential disruption.
Security teams need to check for: unusual SSH activity, unknown processes on Linux systems, and encrypted outbound traffic to suspicious IPs. Cisco Talos has published IOCs (indicators of compromise) — time to hunt.
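A starting point for the SSH part of that hunt, as an added example (not from Cisco Talos or the original article): a Python pass over sshd auth logs that flags sources with repeated failed logins and escalates the ones where a successful login follows. The log lines, hostnames, addresses and the threshold of 3 are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sshd syslog lines; hosts, users and addresses are made up
# (documentation IP ranges) and are not IOCs from the Talos report.
SAMPLE_LOG = """\
Mar  9 02:14:01 edge-gw1 sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51200 ssh2
Mar  9 02:14:03 edge-gw1 sshd[2203]: Failed password for root from 203.0.113.45 port 51204 ssh2
Mar  9 02:14:06 edge-gw1 sshd[2207]: Failed password for invalid user ubnt from 203.0.113.45 port 51216 ssh2
Mar  9 02:14:09 edge-gw1 sshd[2209]: Accepted password for root from 203.0.113.45 port 51222 ssh2
Mar  9 08:30:11 edge-gw1 sshd[3100]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Mar  9 08:30:19 edge-gw1 sshd[3102]: Accepted password for alice from 198.51.100.7 port 40030 ssh2
Mar  9 09:00:00 edge-gw1 sshd[3300]: Failed password for root from 192.0.2.99 port 60000 ssh2
Mar  9 09:00:02 edge-gw1 sshd[3302]: Failed password for invalid user test from 192.0.2.99 port 60004 ssh2
Mar  9 09:00:04 edge-gw1 sshd[3304]: Failed password for invalid user oracle from 192.0.2.99 port 60008 ssh2
"""

# OpenSSH authentication result lines, password or public-key.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def hunt_ssh_bruteforce(log_text, threshold=3):
    """Map source IP -> finding; the caller sets the time window via the log slice."""
    failures, tried, findings = defaultdict(int), defaultdict(set), {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            tried[ip].add(user)
            if failures[ip] >= threshold and ip not in findings:
                findings[ip] = {"verdict": "bruteforce", "account": None}
        elif ip in findings:
            # Success after a burst of failures: treat the account as compromised.
            findings[ip].update(verdict="bruteforce_then_login", account=user)
        else:
            failures[ip] = 0  # ordinary typo followed by a good login
            tried[ip].clear()
    for ip, f in findings.items():
        f["failures"] = failures[ip]
        f["users_tried"] = sorted(tried[ip])
    return findings

if __name__ == "__main__":
    for ip, f in hunt_ssh_bruteforce(SAMPLE_LOG).items():
        print(ip, f)
```

A `bruteforce_then_login` verdict is the one to triage first: rotate that account's credential and review what the session did on the device.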
Bottom line: Chinese cyber ops are expanding in Latin America. Telecom infrastructure is in the crosshairs. If you're in secops at a telco, assume you're already targeted. Patch, monitor, and prepare for the next wave.