UAT-8616 is a highly sophisticated cyber threat actor attributed by Cisco Talos, with evidence of activity dating back to at least 2023. They have been observed exploiting CVE-2026-20127 in the wild and previously exploited CVE-2022-20775 by escalating to root user access through a software version downgrade. Their operations indicate a focus on targeting network edge devices to establish persistent footholds in high-value organizations, including Critical Infrastructure sectors.
There are currently no families associated with this actor.
| 2026-02-25 ⋅ Cisco Talos ⋅ Active exploitation of Cisco Catalyst SD-WAN by UAT-8616 |