Dohdoor Backdoor Hits U.S. Schools and Hospitals Through Stealthy DoH‑Based Attacks

A new malware cluster, tracked as UAT‑10027 by Cisco Talos, is using a previously undocumented backdoor called Dohdoor to infiltrate schools and healthcare organizations across the United States. The campaign has been active since at least December 2025, and it relies on DNS‑over‑HTTPS (DoH), living‑off‑the‑land binaries (LOLBins), and multi‑stage delivery to maintain persistence while evading detection. Dohdoor’s main trick is to […] The post Dohdoor Backdoor Hits U.S. Schools and Hospitals Through Stealthy DoH‑Based Attacks appeared first on VPN Central.