Confucius Hackers Target Government and Military Entities Using WooperStealer Malware
gbhackers
The notorious Confucius hacking organization, first exposed by foreign security vendors in 2016, continues to pose a significant threat to government and military entities across South and East Asia.
With attack activities dating back to 2013, this group has recently escalated its operations, targeting critical domestic units and industries with advanced tactics.
Unveiling a Sophisticated Cyber Threat
According to the report, the Knowsec 404 Advanced Threat Intelligence Team has uncovered a new weapon in Confucius’ arsenal: a modular backdoor named “anondoor”, paired with the infamous WooperStealer malware, signaling a dangerous evolution in their cyber warfare capabilities.
The latest attack vector begins with a seemingly innocuous LNK file, which triggers a script to download multiple components, including “python313.dll” (anondoor) and a legitimate Python executable renamed “BlueAle.exe.”

Once executed, BlueAle.exe loads anondoor, a componentized backdoor that marks a stark upgrade from the ...
Copyright of this story solely belongs to gbhackers.