The Reveal Platform
Intel Name: Uat-7237 targets taiwanese web hosting infrastructure
Date of Scan: August 18, 2025
Impact: Medium
Summary: UAT-7237 is a Chinese-speaking APT group active since at least 2022, with strong links to UAT-5918. It recently targeted web infrastructure entities in Taiwan, using heavily customized open-source tools to evade detection and maintain long-term persistence in high-value environments. The group also employs a customized shellcode loader known as “SoundBill,” capable of decoding and loading various shellcodes, including Cobalt Strike.
