Confucius Pakistan phishing campaign using WooperStealer and Anondoor
Campaign
Summary
Confucius is running an active phishing campaign against Pakistan that uses WooperStealer and Anondoor, expanding the risk of credential theft and device compromise across a broad target set. The operation has targeted government agencies, military organizations, defense contractors, and critical industries using spear-phishing and malicious documents. Recent attack chains used .PPSX and .LNK files with DLL side-loading to deliver malware and steal sensitive data. The group’s repeated targeting and changing toolset suggest a sustained operation rather than a single isolated lure.
Related Happenings
Silver Fox South Asia phishing campaign
Campaign
First: 24.03.2026 18:00
Last: 24.03.2026 18:00
Sources 1
About this happening:
The **Silver Fox** campaign now includes **BYOVD** abuse of a previously unknown **WatchDog Anti-malware** driver, **amsdk.sys (version 1.0.600)**, to disable security tools on co...
Silver Dragon intrusion and phishing campaign targeting Europe, Southeast Asia, and Uzbekistan
Campaign
First: 04.03.2026 10:14
Last: 04.03.2026 10:14
Sources 1
About this happening:
The **Silver Dragon** campaign is actively using **public-facing internet servers** and **phishing emails with malicious attachments** to gain initial access, expanding risk acros...
Mustang Panda multi-country espionage campaign against government and telecom targets
Campaign
First: 28.01.2026 13:40
Last: 28.01.2026 13:40
Sources 1
About this happening:
A **Mustang Panda** espionage campaign targeted **government entities** across **Myanmar, Mongolia, Malaysia, and Russia**, showing sustained multi-country activity from **2021-20...
Storm-0249 tax-themed phishing campaign targeting U.S. users
Campaign
First: 09.12.2025 15:37
Last: 09.12.2025 15:37
Sources 1
About this happening:
**Storm-0249** ran a **tax-themed phishing campaign** against **U.S. users** ahead of the **tax filing season**, expanding access opportunities for downstream abuse. The operation...
STAC6565 spear-phishing campaign targeting Canadian organizations
Campaign
First: 09.12.2025 11:35
Last: 09.12.2025 11:35
Sources 1
About this happening:
The **STAC6565** campaign has driven **almost 40 intrusions** against **Canadian organizations**, making it a sustained operation with a sharply focused target set. Attackers use...
Timeline
02.10.2025 17:44 2 articles · 7mo ago
Confucius Pakistan phishing campaign using WooperStealer and Anondoor
Initial Disclosure
The earliest documented wave used a **.PPSX** lure in **December 2024** to deliver **WooperStealer** through **DLL side-loading**. That phase established the campaign’s reliance on phishing documents as the entry point.
- Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware — thehackernews.com — 02.10.2025 17:44