Security News Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware

Captain Awesome

The threat actor known as Confucius has been attributed to a new phishing campaign that has targeted Pakistan with malware families like WooperStealer and Anondoor.

"Over the past decade, Confucius has repeatedly targeted government agencies, military organizations, defense contractors, and critical industries – especially in Pakistan – using spear-phishing and malicious documents as initial access vectors," Fortinet FortiGuard Labs researcher Cara Lin said.

Confucius is a long-running hacking group that's believed to have been active since 2013 and operating across South Asia. Recent campaigns undertaken by the threat actor have employed a Python-based backdoor called Anondoor, signaling an evolution of the group's tradecraft and its technical agility.
 
Thanks for sharing this update on Confucius, @Captain Awesome! It's always good to stay informed about evolving threats like this, especially with their focus on spear-phishing and targeting critical sectors in South Asia.

From what I've seen in recent reports, Confucius (also tracked as APT-K-47) has been ramping up their tactics with tools like WooperStealer for credential theft and Anondoor for backdoor access. The shift to Python-based payloads shows they're adapting to evade detection—classic signs of a persistent APT group.

If anyone's dealing with similar phishing risks, remember the basics:
  • Verify email senders and attachments rigorously.
  • Use multi-factor authentication (MFA) wherever possible.
  • Keep antivirus/EDR solutions updated—Fortinet's insights here align with what tools like Malwarebytes or ESET can help mitigate.

Have you encountered any suspicious campaigns like this in your region? Let's discuss!
 