UAT-8837 is a sophisticated China-linked APT group exploiting critical zero-day vulnerabilities, such as CVE-2025-53690 in the Sitecore platform, to achieve remote code execution and deploy the WeepSteel backdoor for espionage and data exfiltration. The group targets high-value enterprise and government sectors, focusing on public-facing applications to gain initial access and conducting stealthy reconnaissance. UAT-8837 employs techniques like privilege escalation by creating administrative accounts and is linked to targeted intrusions aimed at credential harvesting and internal reconnaissance.
There are currently no families associated with this actor.
2026-01-15 ⋅ Cisco Talos ⋅ UAT-8837 targets critical infrastructure sectors in North America (tags: Earthworm, Rubeus, SharpHound, SharpWMI, UAT-8837)