China-Linked Hackers Target South American Telecoms with TernDoor, PeerTime, and BruteEntry Malware
Cisco Talos Uncovers China-Linked Hacking Group Targeting South American Telecoms
A sophisticated China-linked hacking group has been targeting critical telecommunications infrastructure in South America since 2024, utilizing three distinct malware implants to compromise Windows, Linux, and edge devices.
Threat Actor and Tactics
The threat actor, tracked by Cisco Talos as UAT-9244, has been linked to another cluster known as FamousSparrow, which shares similarities with the Salt Typhoon espionage group.
The attackers have employed a range of tactics to gain initial access to targeted systems, including exploiting outdated versions of Windows Server and Microsoft Exchange Server to deploy web shells.
Malware Implants
One of the malware implants, known as TernDoor, targets Windows systems and is deployed through DLL side-loading.
It leverages a legitimate executable to launch a rogue DLL, which decrypts and executes the final payload in memory.
TernDoor establishes persistence on the host through scheduled tasks or the Registry Run key, and its implementation differs in distinct ways from similar malware variants.
PeerTime and BruteEntry
A second implant, dubbed PeerTime, is a Linux peer-to-peer backdoor that targets embedded systems.
It is compiled for multiple architectures and is deployed via a shell script.
PeerTime uses the BitTorrent protocol to fetch command-and-control (C2) information and can rename itself to evade detection.
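Because PeerTime fetches its C2 data over the BitTorrent protocol, outbound BitTorrent traffic from an embedded device that has no business running a torrent client is itself a useful signal. The code below is an added example, not part of the Talos report or the PeerTime analysis: it implements a bencode decoder and classifies UDP payloads as BitTorrent DHT (KRPC) messages. That PeerTime uses the DHT specifically is an assumption made here to give the detection a concrete shape; the node ids, infohashes and addresses in the sample flows are constructed.

```python
# Added example: minimal bencode decoder plus a classifier for BitTorrent DHT
# (KRPC) messages in UDP payloads. Assumption: the C2 lookup runs over the DHT.
# Sample flows below are constructed and carry dummy ids, not real IoCs.

def bdecode(data: bytes):
    """Decode a bencoded byte string into Python objects (dict keys stay bytes)."""
    def parse(i):
        c = data[i:i + 1]
        if c == b"i":                          # integer: i<digits>e
            end = data.index(b"e", i)
            return int(data[i + 1:end]), end + 1
        if c == b"l":                          # list: l<items>e
            i, out = i + 1, []
            while data[i:i + 1] != b"e":
                v, i = parse(i)
                out.append(v)
            return out, i + 1
        if c == b"d":                          # dict: d<key><value>...e
            i, out = i + 1, {}
            while data[i:i + 1] != b"e":
                k, i = parse(i)
                v, i = parse(i)
                out[k] = v
            return out, i + 1
        if c.isdigit():                        # byte string: <len>:<bytes>
            colon = data.index(b":", i)
            n = int(data[i:colon])
            return data[colon + 1:colon + 1 + n], colon + 1 + n
        raise ValueError(f"bad bencode at offset {i}")
    value, end = parse(0)
    if end != len(data):
        raise ValueError("trailing bytes after bencoded value")
    return value


def classify_krpc(payload: bytes):
    """Return ('query', name), ('response', None) or ('error', None) for a
    well-formed KRPC message, or None if the payload is not KRPC at all."""
    try:
        msg = bdecode(payload)
    except (ValueError, IndexError):
        return None
    if not isinstance(msg, dict) or b"t" not in msg or b"y" not in msg:
        return None
    y = msg[b"y"]
    if y == b"q" and isinstance(msg.get(b"q"), bytes):
        return ("query", msg[b"q"].decode("ascii", "replace"))
    if y == b"r":
        return ("response", None)
    if y == b"e":
        return ("error", None)
    return None


def dht_talkers(flows, allowlist=frozenset()):
    """Given (src_ip, dst_port, payload) UDP records, return the hosts that emit
    DHT queries and are not on the allowlist of expected BitTorrent users."""
    hits = set()
    for src, _dport, payload in flows:
        kind = classify_krpc(payload)
        if kind and kind[0] == "query" and src not in allowlist:
            hits.add(src)
    return hits


# Constructed sample traffic: two DHT queries from an embedded host, one DNS
# packet, and one DHT response from a host that is allowed to run BitTorrent.
SAMPLE_FLOWS = [
    ("10.20.0.7", 6881, b"d1:ad2:id20:abcdefghij0123456789e1:q4:ping1:t2:aa1:y1:qe"),
    ("10.20.0.7", 6881, b"d1:ad2:id20:abcdefghij01234567899:info_hash20:mnopqrstuvwxyz123456e"
                        b"1:q9:get_peers1:t2:aa1:y1:qe"),
    ("10.20.0.9", 53, b"\x12\x34\x01\x00\x00\x01"),
    ("10.20.0.3", 6881, b"d1:rd2:id20:mnopqrstuvwxyz123456e1:t2:aa1:y1:re"),
]

if __name__ == "__main__":
    print(sorted(dht_talkers(SAMPLE_FLOWS, allowlist={"10.20.0.3"})))
```

Matching on message structure rather than on UDP port 6881 matters here: a DHT client may bind any port, and an implant that renames itself on disk can just as easily move off the default port.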
The third implant, BruteEntry, is a brute-force scanner installed on edge devices to turn them into mass-scanning proxy nodes.
It is capable of brute-forcing Postgres, SSH, and Tomcat servers and reports successful logins back to the C2 server.
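A scanner of this kind leaves a dense trail of failed logins on the services it targets. The detector below is an added example, not code from the report: it parses constructed sshd, PostgreSQL and Tomcat manager log lines and raises an alert when one source accumulates a threshold of failures against one service inside a sliding time window. The log formats follow the daemons' common defaults (a PostgreSQL `log_line_prefix` of `%m [%p] %u@%d %h ` and Tomcat's common access-log pattern are assumed), the thresholds are our own choice, and every address in the sample is constructed.

```python
# Added example: sliding-window failed-login detector for the three services
# the report says BruteEntry targets. Sample log lines are constructed; the
# formats imitate sshd, PostgreSQL (log_line_prefix '%m [%p] %u@%d %h ') and
# Tomcat's common access-log pattern. Thresholds are our own assumptions.
import re
from collections import defaultdict, deque
from datetime import datetime

YEAR = 2025  # syslog lines carry no year; assumed for the constructed sample

PATTERNS = {
    "ssh": re.compile(
        r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
        r"(?:invalid user )?\S+ from (\S+)"),
    "postgres": re.compile(
        r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)(?:\.\d+)? \S+ \[\d+\] \S+@\S+ (\S+) "
        r"FATAL:  password authentication failed"),
    "tomcat": re.compile(
        r'^(\S+) \S+ \S+ \[(\d\d/\w{3}/\d{4}:\d\d:\d\d:\d\d) [+-]\d{4}\] '
        r'"\w+ /manager/\S* HTTP/[\d.]+" 401 '),
}


def parse_line(line):
    """Return (service, timestamp, source_ip) for a recognised failed login,
    or None for any other line."""
    m = PATTERNS["ssh"].match(line)
    if m:
        return "ssh", datetime.strptime(f"{YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S"), m.group(2)
    m = PATTERNS["postgres"].match(line)
    if m:
        return "postgres", datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2)
    m = PATTERNS["tomcat"].match(line)
    if m:
        return "tomcat", datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S"), m.group(1)
    return None


def detect_bruteforce(lines, threshold=5, window_s=60):
    """Return the set of (source_ip, service) pairs that reach `threshold`
    failures within any `window_s`-second window. Lines must be in time order;
    unrecognised lines are ignored."""
    buckets = defaultdict(deque)
    alerts = set()
    for line in lines:
        parsed = parse_line(line)
        if not parsed:
            continue
        svc, ts, ip = parsed
        q = buckets[(ip, svc)]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:   # drop events outside the window
            q.popleft()
        if len(q) >= threshold:
            alerts.add((ip, svc))
    return alerts


# Constructed sample: 6 ssh failures in 10 s from one host, 5 ssh failures
# spread over 120 s from another (never 5 inside one window), and 5 failures
# each against PostgreSQL and the Tomcat manager app from the first host.
SAMPLE_LOG = (
    [f"Mar  1 10:00:{s:02d} edge1 sshd[1200]: Failed password for invalid user admin "
     f"from 203.0.113.5 port 5{s:04d} ssh2" for s in range(0, 12, 2)]
    + [f"Mar  1 10:0{m}:{s:02d} edge1 sshd[1200]: Failed password for root "
       f"from 198.51.100.9 port 40000 ssh2" for m, s in [(0, 0), (0, 30), (1, 0), (1, 30), (2, 0)]]
    + [f"2025-03-01 10:00:{s:02d}.000 UTC [4321] postgres@postgres 203.0.113.5 "
       f'FATAL:  password authentication failed for user "postgres"' for s in range(5)]
    + [f'203.0.113.5 - - [01/Mar/2025:10:00:{s:02d} +0000] "GET /manager/html HTTP/1.1" 401 2473'
       for s in range(5)]
)

if __name__ == "__main__":
    for ip, svc in sorted(detect_bruteforce(SAMPLE_LOG)):
        print(f"ALERT brute force against {svc} from {ip}")
```

The second ssh source shows why the window matters: five failures over two minutes is ordinary user behaviour on a busy jump host, while five in ten seconds is not, and a mass-scanning proxy node reports successes upstream only after many such bursts.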
Attacker Infrastructure
The attackers’ infrastructure has been found to contain a range of shell scripts and payloads, including instrumentor binaries and debug strings in Simplified Chinese.
This suggests that the threat actor is of Chinese origin and has created custom binaries for their operations.
Conclusion
The discovery of these malware implants highlights the ongoing threat posed by China-linked hacking groups to critical infrastructure in South America.
The use of sophisticated tactics and customized malware underscores the need for organizations to maintain robust cybersecurity measures to detect and prevent such attacks.
