UAT-8837

Also known as: UAT-8837

Origin: CN
Known aliases: 1

Profile

UAT-8837 is a sophisticated China-linked APT group exploiting critical zero-day vulnerabilities, such as CVE-2025-53690 in the Sitecore platform, to achieve remote code execution and deploy the WeepSteel backdoor for espionage and data exfiltration. The group targets high-value enterprise and government sectors, focusing on public-facing applications to gain initial access and conducting stealthy reconnaissance. UAT-8837 employs techniques like privilege escalation by creating administrative accounts and is linked to targeted intrusions aimed at credential harvesting and internal reconnaissance.

Aliases · 1

UAT-8837

References

  1. https://blog.talosintelligence.com/uat-8837/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: UAT-7237
Actor: UAT-8099
Actor: UNC3524
Actor: UTA0388
Actor: UAT-5918
Actor: UNC5325

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.