Executive Summary
The behavior of UAT-7237, a Chinese Advanced Persistent Threat (APT), suggests that China will maintain its infiltration of Taiwan’s hosting providers, mainly through VPNs, in order to gain access to more sensitive information during a Taiwan-related crisis.
In mid-August 2025, a newly identified APT, UAT-7237, successfully compromised a Taiwanese web hosting provider. Its particular intent was to access the victim's VPN and cloud infrastructure. This APT is linked to other well-known APTs, such as Volt Typhoon.
Its toolkit, targets and behavior suggest a latent, strategic purpose. This is consistent with linked APT threats identified in the past. The long-run nature of the threat actor indicates a likely strategic and “sleeping” placement in Taiwanese web systems.