Tag: UAT-10027
-
Encrypted Deception: Cisco Talos Unmasks “Dohdoor” and the Stealthy UAT-10027 Campaign Targeting Healthcare
Since the twilight of 2025, Cisco Talos has been vigilantly tracking a malicious campaign directed against educational and healthcare institutions within the United States. Researchers attribute this coordinated activity to the threat actor UAT-10027 and have delineated a novel backdoor christened “Dohdoor.” Its defining characteristic is its reliance on DNS over HTTPS (DoH) for command…