216.73.217.64

Confucius Espionage: From Stealer to Backdoor

· Published 03/10/2025 03:23 · Modified 03/10/2025 08:56

Export JSON

Essential information

Published
03/10/2025 03:23
Modified
03/10/2025 08:56
Tags
2025-10-03 anondoor cyber espionage lnk files obfuscation pakistan python backdoor south asia wooperstealer
Related entities
1 intrusion sets (apt), 16 techniques (mitre), 2 malware, 3 others

Description

The Confucius group, a long-running cyber-espionage actor operating in , has evolved its tactics from document stealers to Python-based backdoors. Recent campaigns showcase the group's adaptability and growing sophistication, targeting government agencies, military organizations, and critical industries, particularly in . The group has transitioned from using to deploying a Python variant of , demonstrating their ability to pivot between techniques, infrastructure, and malware families. Their attack chain includes weaponized Office documents, malicious , and multiple malware families, employing techniques to evade detection. The group's persistence and rapid adaptation highlight the ongoing threat posed by state-aligned malware campaigns in the region.

External references