China-Linked Hackers Use TernDoor, PeerTime, BruteEntry in South American Telecom Attacks

Summary

A China-linked advanced persistent threat (APT) actor has been targeting South American telecommunications infrastructure since 2024. The group, tracked as UAT-9244 and associated with FamousSparrow, is deploying three distinct implants (TernDoor, PeerTime, and BruteEntry) against Windows, Linux, and edge devices.

IFF Assessment

FOE

The discovery of a persistent, sophisticated threat actor targeting critical infrastructure with multiple advanced implants represents a significant threat to defenders.

Defender Context

Defenders should be vigilant for signs of compromise from APT groups targeting telecommunications infrastructure, especially in South America. Monitoring for the specific implants (TernDoor, PeerTime, BruteEntry) and the known APT actor's tactics, techniques, and procedures (TTPs) is crucial for early detection and response.
