UAT-10027 Targets U.S. Education and Healthcare with New Backdoor

What Happened

A new cyber threat is here, and it’s targeting something we all rely on: education and healthcare. Cisco Talos has identified a malicious campaign^? known as UAT-10027 that has been active since December 2025. This campaign is not just any run-of-the-mill attack; it aims to deliver a sophisticated backdoor^? called Dohdoor.

Dohdoor is unique because it uses a technology called DNS-over-HTTPS (DoH). This means it can hide its activities by blending in with regular web traffic, making it harder to detect. The attackers are focused on infiltrating systems in schools and hospitals, potentially compromising sensitive data^? and operations.

Why Should You Care

You might think this doesn't affect you, but if you or your family rely on schools or healthcare services, it absolutely does. Imagine your child's school being disrupted or your doctor unable to access your medical records. This attack could lead to serious consequences for your education and health systems.

In today’s world, where everything is connected, a breach in these sectors can ripple out, affecting your personal information and safety. Think of it like a chain reaction: when one link breaks, it can impact everyone connected to it.

What's Being Done

Cisco Talos is actively monitoring^? this threat and working on ways to mitigate the risks. If you are part of an educational institution or healthcare organization, here are some immediate actions to take:

• Update your security protocols to defend against potential breaches.
• Educate staff on recognizing phishing attempts and suspicious activities.
• Monitor network traffic for unusual patterns that could indicate a breach.

Experts are keeping a close eye on UAT-10027, watching for how it evolves and what new tactics it may employ in the future. Stay alert, because the landscape of cyber threats is constantly changing.