UAT-8616 is a highly sophisticated cyber threat actor attributed by Cisco Talos, with evidence of activity dating back to at least 2023. They have been observed exploiting CVE-2026-20127 in the wild and previously exploited CVE-2022-20775 by escalating to root user access through a software version downgrade. Their operations indicate a focus on targeting network edge devices to establish persistent footholds in high-value organizations, including Critical Infrastructure sectors.