China-linked hackers exploit Sitecore flaw to target US infrastructure
A China-linked APT group, UAT-8837, has been targeting North American critical infrastructure, exploiting a zero-day vulnerability in Sitecore to gain initial access. Cisco Talos assesses with medium confidence that UAT-8837 is a China-nexus APT actor, primarily focused on obtaining access to high-value organizations. The group uses open-source tools to harvest sensitive information and has been observed disabling security features and conducting hands-on-keyboard activity on infected hosts. This activity raises concerns about potential supply chain compromises and reverse engineering of victim products.