Cisco Talos identified UAT-8302, a China-nexus APT, targeting global government entities using a diverse toolkit of custom and shared malware. The threat actor leverages DLL side-loading to deploy implants like NetDraft, CloudSorcerer v3, and VSHELL, while utilizing open-source tools for extensive network reconnaissance, credential harvesting, and lateral movement.