The Confucius group, a persistent cyber-espionage entity active since 2013, has resumed operations in South Asia with evolving tactics and tools. They primarily target government and military organizations using weaponized documents, malicious scripts, LNK files, and advanced backdoors like AnonDoor and WooperStealer. #ConfuciusGroup #SouthAsiaThreats
Key points
- The Confucius group has resumed operations targeting South Asian government and military entities.
- The group uses weaponized Office documents, malicious LNK files, and obfuscation to maintain access.
- Recent campaigns involve phishing, DLL side-loading, and delivery of malware like WooperStealer and AnonDoor.
- Confucius has shifted from legacy stealers to advanced Python-based backdoors for increased flexibility.
- The group's techniques demonstrate adaptability through toolchain updates and layered evasion strategies.