
Dohdoor Malware Hits US Healthcare and AI Agents Pose Security Risks
Security researchers have identified a sophisticated new cyber campaign by a group tracked as UAT-10027, which is targeting American healthcare and educational institutions with a novel backdoor named Dohdoor. This malware, which shares technical characte
Show Notes
Cybersecurity researchers at Cisco Talos have uncovered a sophisticated new malware campaign targeting critical infrastructure in the United States, including elderly care facilities and major universities. Attributed to a suspected North Korean group known as UAT-10027, the campaign utilizes a previously unseen backdoor called "Dohdoor." This malware employs advanced evasion tactics like DNS-over-HTTPS via Cloudflare to blend in with legitimate web traffic, making it exceptionally difficult for traditional security tools to detect.
Meanwhile, the rapid rise of enterprise AI agents is creating a new security frontier that many organizations are unprepared for. Experts warn that the adoption of the Model Context Protocol (MCP) is outpacing the development of necessary guardrails, leaving autonomous systems with broad access to sensitive data and critical systems without adequate oversight or standardized safety protocols.
Topics Covered
- 📰 Discovery of the Dohdoor backdoor targeting US healthcare and education.
- 🔬 Technical overlaps between UAT-10027 and the North Korean Lazarus Group.
- 💼 The growing security gap created by the rapid adoption of enterprise AI agents.
- ⚡ Vulnerabilities in the Model Context Protocol and risks of AI mis-authentication.
Neural Newscast is AI-assisted, human reviewed. View our AI Transparency Policy at NeuralNewscast.com.
- (00:00) - Introduction
- (00:06) - The Emerging Security Risks of AI Agents
- (00:06) - Dohdoor Malware Targets Critical Infrastructure
- (01:11) - Conclusion