Trending Topics

China-Linked Hackers Alarmed as Proxy Network Grows with New Malware

Time:2010-12-5 17:23:32  Author:Focus   Source:Encyclopedia  Views:  Comments:0
Summary:**China-Linked Hackers Alarmed as Proxy Network Grows with New Malware** *Cisco Talos reports that



referrerpolicy="no-referrer"
style="max-width:100%;height:auto;display:block;margin:0 auto;">


**China-Linked Hackers Alarmed as Proxy Network Grows with New Malware**
*Cisco Talos reports that APT UAT‑7810 is expanding its proxy relay infrastructure with freshly discovered malware.*

### Introduction
Cybersecurity researchers at Cisco Talos have issued a warning about a notable escalation in the activities of a China‑linked advanced persistent threat group known as UAT‑7810. The group, which has been observed targeting government entities, technology firms, and critical infrastructure across Asia and Europe, is now bolstering its covert proxy relay network with a new strain of malware. The development raises concerns about the group’s ability to obscure its command‑and‑control (C2) traffic and prolong undetected operations.

### Key Developments
According to the Talos threat intelligence report released on November 2, UAT‑7810 has deployed a modular backdoor dubbed “RelayX” that functions both as a data exfiltration tool and as a proxy node. RelayX infects compromised Windows and Linux hosts, establishes encrypted tunnels, and then forwards traffic through a growing mesh of relay servers located in compromised third‑party networks. The malware employs domain‑generation algorithms (DGAs) and custom encryption to evade signature‑based detection, while its proxy capabilities allow the attackers to route malicious traffic through seemingly benign IP addresses, complicating attribution efforts.

Telemetry collected by Talos indicates a 35 % increase in the number of active relay nodes attributed to UAT‑7810 over the past six weeks, with new installations appearing in Southeast Asia, Eastern Europe, and the Middle East. The group’s targeting pattern has also shifted slightly, showing increased interest in supply‑chain vendors that provide software updates to large enterprises.

### Industry Analysis
Security analysts note that the evolution of UAT‑7810’s proxy network reflects a broader trend among state‑sponsored actors: the adoption of “living‑off‑the‑land” techniques combined with custom malware to create resilient, hard‑to‑trace infrastructure.
copyright © 2026 powered by Urban Hub   sitemap