Intel Name: UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager
Date of Scan: December 18, 2025
Impact: High
Summary: UAT-9686, a suspected Chinese-nexus APT actor, is actively targeting Cisco Secure Email Gateway (AsyncOS/ESA) and Cisco Secure Email and Web Manager (SMA). The group exploits non-standard appliance configurations to deploy a custom persistence tool called AquaShell, along with reverse tunneling and log-cleaning utilities to maintain stealthy, long-term access.