China-Linked UAT-7290 Targets Telecoms Using Linux Malware and ORB Nodes: Potential Threat to Web3 Infrastructure

News

[Web3 Security Report]
A sophisticated, China-nexus threat actor known as UAT-7290 has been identified conducting espionage-focused intrusions against telecommunication entities in South Asia and Southeastern Europe. Active since at least 2022, this group is noted for conducting extensive technical reconnaissance of targets before initiating attacks.

Crucially, the attack infrastructure involves the deployment of Linux malware, such as RushDrop, and the utilization of “ORB Nodes,” associated with specific decentralized technologies. In the Web3 ecosystem, nodes, validators, and infrastructure services predominantly operate in Linux environments. The fact that UAT-7290 is deploying advanced Linux-based spyware and targeting critical infrastructure like telecom providers suggests an unavoidable risk for Web3 project operators.

Telecom operators provide the foundational communication layer for Web3 services; their compromise could affect the entire supply chain. Furthermore, the attacker’s interest in specific decentralized infrastructure technologies, exemplified by the use of ORB Nodes, strongly indicates that Web3 nodes themselves are likely targets in future campaigns.

It is imperative for Web3 developers and infrastructure managers to immediately enhance their node infrastructure security, emphasizing OS-level threat detection (EDR for Linux) and strict adherence to zero-trust principles. Activity by state-level threat actors like UAT-7290 underscores the necessity for advanced defensive strategies that transcend conventional security measures to safeguard the decentralized future of Web3.


Source: China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes
