UAT-9686 is a threat actor attributed to CN. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does UAT-9686 exploit?

Specific CVE exploitation data for UAT-9686 is being tracked. Check the Strobes VI threat actor profile for updates.

UAT-9686

Exploited CVEs

Overview

UAT-9686 is a Chinese state-sponsored APT known for targeting networking infrastructure and edge appliances through a sophisticated espionage campaign. They exploit a critical flaw in the Cisco AsyncOS Spam Quarantine interface to gain root access and deploy custom malware, including AquaShell, along with Python scripts that execute natively. Their operations involve reverse tunneling and log purging, demonstrating a methodical approach to compromising communication infrastructure. Talos has observed overlaps in TTPs and tooling with other Chinese-nexus threat actors, indicating a consistent operational pattern.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database