TheRegister's platform is a leading technology news website, offering insights into IT industry news, hardware reviews, and software updates. Through articles, analysis, and opinion pieces, TheRegister offers insights into cybersecurity threats, technology trends, and industry developments. Readers can stay updated with the latest news and analysis from the world of technology and IT business.

The Register

Cisco Talos researchers have identified an ongoing cyberattack campaign targeting US healthcare and education organizations, attributed with low confidence to a North Korean-linked group called UAT-10027. The attackers use phishing for initial access, then deploy a multi-stage infection chain involving PowerShell, DLL sideloading, and a newly discovered backdoor called Dohdoor. The malware uses DNS-over-HTTPS via Cloudflare to disguise C2 traffic, process hollowing to evade detection, and NTDLL unhooking to bypass EDR tools, ultimately delivering a Cobalt Strike Beacon. Technical overlaps with Lazarus Group's Lazarloader malware suggest a possible connection to North Korea's state-sponsored hacking apparatus.

Suspected Nork intruders infecting US healthcare, education