The Confucius hacking group has significantly evolved its attack methods, shifting from document stealers to advanced Python-based backdoors such as AnonDoor. Its campaigns primarily target South Asian organizations and employ sophisticated social engineering and malware techniques.
Key points
- Confucius has transitioned from using WooperStealer to Python-based backdoors such as AnonDoor.
- The group employs advanced social engineering tactics, including weaponized PowerPoint phishing emails and embedded malicious Office documents.
- The group's techniques now include DLL side-loading, registry-based persistence, and LNK files that execute remote PowerShell commands.
- AnonDoor is a sophisticated Python backdoor with reconnaissance, command execution, and remote communication capabilities.
- Targeting remains focused on South Asian organizations, especially in Pakistan, with detection supported by FortiGuard security solutions.