China-Linked Advanced Threat Actor Targets Critical North American Infrastructure

An advanced threat actor, tracked as UAT-8837 and attributed to China, is targeting critical infrastructure in North America. The group exploits known vulnerabilities and a zero-day flaw in Sitecore (CVE-2024-29890) to gain initial access. The attack combines phishing techniques and the exploitation of unpatched vulnerabilities, enabling persistence within compromised systems. No specific date or detailed impact is mentioned, but the targets include sensitive sectors. Technical details remain limited to initial access vectors.