Cisco Talos has identified a new threat cluster, tracked as UAT-10027, that targets the U.S. education and healthcare sectors. The campaign has been active since at least December 2025 and aims to deploy a new backdoor called Dohdoor. Notably, Dohdoor leverages DNS-over-HTTPS (DoH), which carries DNS queries inside HTTPS and can therefore obscure malicious traffic and complicate detection for traditional security measures.
For organizations in education and healthcare, this threat underscores the need for stronger cybersecurity controls and awareness. They should prioritize updating their defenses, including robust DNS security measures and advanced threat detection. The attackers' use of DoH shows that security teams need frameworks that can adapt as adversary techniques change. Given the sensitivity of the data these sectors hold, addressing this threat is essential to maintaining trust and safeguarding critical information.
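One way to put the DNS-monitoring advice above into practice is to flag DoH requests that come from processes the organization has not approved for it. The following Python example is added here for illustration and is not code from Cisco Talos or The Hacker News. The log field names, the approved-process list and the sample events are assumptions constructed for the example, and the resolver list is partial.

```python
import json

# Well-known public DoH resolver hostnames (partial list; extend from your own inventory).
DOH_HOSTS = {"cloudflare-dns.com", "dns.google", "dns.quad9.net", "doh.opendns.com"}
# RFC 8484 media type, plus the JSON variant offered by some public resolvers.
DOH_CONTENT_TYPES = {"application/dns-message", "application/dns-json"}
# Assumption: processes this organization permits to use DoH.
APPROVED_PROCESSES = {"firefox.exe", "chrome.exe", "msedge.exe"}

def doh_signals(event):
    """Return the reasons an event looks like DoH (empty list if none)."""
    signals = []
    if event.get("dest_host", "").lower().rstrip(".") in DOH_HOSTS:
        signals.append("known DoH resolver")
    # Path and content type are only visible when the proxy inspects TLS.
    if event.get("path", "").split("?")[0].endswith("/dns-query"):
        signals.append("conventional /dns-query path")
    if event.get("content_type", "").split(";")[0].strip().lower() in DOH_CONTENT_TYPES:
        signals.append("DoH media type")
    return signals

def find_unapproved_doh(log_lines):
    """Return alerts for DoH traffic from processes not on the approved list."""
    alerts = []
    for line in log_lines:
        event = json.loads(line)
        signals = doh_signals(event)
        if signals and event.get("process", "").lower() not in APPROVED_PROCESSES:
            alerts.append({"host": event.get("src_host"), "process": event.get("process"),
                           "dest": event.get("dest_host"), "signals": signals})
    return alerts

# Constructed sample proxy events (hypothetical hosts and processes, not from the report).
SAMPLE_LOG = [
    '{"src_host":"lab-pc-07","process":"chrome.exe","dest_host":"dns.google","path":"/dns-query","content_type":"application/dns-message"}',
    '{"src_host":"nurse-ws-12","process":"unknown_tool.exe","dest_host":"cloudflare-dns.com","path":"/dns-query?dns=AAAB","content_type":"application/dns-message"}',
    '{"src_host":"lab-pc-07","process":"updater.exe","dest_host":"example.org","path":"/index.html","content_type":"text/html"}',
    '{"src_host":"reg-srv-02","process":"svc.exe","dest_host":"resolver.example.net","path":"/dns-query","content_type":"application/dns-message"}',
]

if __name__ == "__main__":
    for alert in find_unapproved_doh(SAMPLE_LOG):
        print(alert)
```

Without TLS inspection only the destination hostname is available, so the path and media-type signals will not fire and an unlisted resolver such as the last sample event would go unnoticed.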
---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/02/uat-10027-targets-us-education-and.html)*