{"id":232188,"date":"2026-02-27T05:24:19","date_gmt":"2026-02-27T11:24:19","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/02\/uat-10027-targets-u-s-education-and-healthcare-with-dohdoor-backdoor"},"modified":"2026-02-27T05:24:19","modified_gmt":"2026-02-27T11:24:19","slug":"uat-10027-targets-u-s-education-and-healthcare-with-dohdoor-backdoor","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/02\/uat-10027-targets-u-s-education-and-healthcare-with-dohdoor-backdoor","title":{"rendered":"UAT-10027 Targets U.S. Education and Healthcare with Dohdoor Backdoor"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/uat-10027-targets-u-s-education-and-healthcare-with-dohdoor-backdoor.jpg\"><\/a><\/p>\n<p>A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025.<\/p>\n<p>The campaign is being tracked by Cisco Talos under the moniker <strong>UAT-10027<\/strong>. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor.<\/p>\n<p>\u201cDohdoor utilizes the DNS-over-HTTPS (DoH) technique for command-and-control (C2) communications and has the ability to download and execute other payload binaries reflectively,\u201d security researchers Alex Karkins and Chetan Raghuprasad <a href=\"https:\/\/blog.talosintelligence.com\/new-dohdoor-malware-campaign\/\" rel=\"noopener\" target=\"_blank\">said<\/a> in a technical report shared with The Hacker News.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A previously undocumented threat activity cluster has been attributed to an ongoing malicious campaign targeting education and healthcare sectors in the U.S. since at least December 2025. The campaign is being tracked by Cisco Talos under the moniker UAT-10027. The end goal of the attacks is to deliver a never-before-seen backdoor codenamed Dohdoor. \u201cDohdoor utilizes [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[32,1492],"tags":[],"class_list":["post-232188","post","type-post","status-publish","format-standard","hentry","category-education","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/232188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=232188"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/232188\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=232188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=232188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=232188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}