By Anna Ribeiro
Publication Date: 2026-01-09 10:40:00
Researchers from Cisco Talos disclosed a sophisticated threat actor, tracked as UAT-7290, which has been active since at least 2022. The group is assessed as responsible for gaining initial access and conducting espionage-focused intrusions against critical infrastructure entities in South Asia. These hackers employ a dedicated malware arsenal that includes a family of implants referred to as RushDrop, DriveSwitch, and SilentRaid.
RushDrop functions as the initial dropper that kickstarts the infection chain and is also known as ChronosRAT. DriveSwitch operates as a peripheral malware component used to execute the primary implant on infected systems. SilentRaid serves as the primary implant, designed to establish persistent access to compromised endpoints, communicate with command-and-control infrastructure, and execute tasks defined by the attacker. SilentRaid is also known as MystRodX.
In addition to these tools, UAT-7290 implants another malware strain called…
