Pulse: Confucius Espionage: From Stealer to Backdoor
TLP: WHITE | Adversary: Confucius | Author: AlienVault | Created: 2025-10-03 | Modified: 2025-10-03
Indicators: 26 IOCs (medium volume)
The Confucius group, a long-running cyber-espionage actor operating in South Asia, has evolved its tactics from document stealers to Python-based backdoors. Recent campaigns showcase the group's adaptability and growing sophistication, targeting government agencies, military organizations, and critical industries, particularly in Pakistan. The group has transitioned from using WooperStealer to deploying a Python variant of AnonDoor, demonstrating their ability to pivot between techniques, infrastructure, and malware families. Their attack chain includes weaponized Office documents, malicious LNK files, and multiple malware families, employing obfuscation techniques to evade detection. The group's persistence and rapid adaptation highlight the ongoing threat posed by state-aligned malware campaigns in the region.
Indicators of Compromise (8 / 26 total)
TYPE             INDICATOR                                                          DESCRIPTION  CREATED
FileHash-SHA256  06b8f395fc6b4fda8d36482a4301a529c21c60c107cbe936e558aef9f56b84f6   -            2025-10-03
FileHash-SHA256  11391799ae242609304ef71b0efb571f11ac412488ba69d6efc54557447d022f   -            2025-10-03
FileHash-SHA256  13ca36012dd66a7fa2f97d8a9577a7e71d8d41345ef65bf3d24ea5ebbb7c5ce1   -            2025-10-03
FileHash-SHA256  24b06b5caad5b09729ccaffa5a43352afd2da2c29c3675b17cae975b7d2a1e62   -            2025-10-03
FileHash-SHA256  4206ab93ac9781c8367d8675292193625573c2aaacf8feeaddd5b0cc9136d2d1   -            2025-10-03
FileHash-SHA256  5a0dd2451a1661d12ab1e589124ff8ecd2c2ad55c8f35445ba9cf5e3215f977e   -            2025-10-03
FileHash-SHA256  8603b9fa8a6886861571fd8400d96a705eb6258821c6ebc679476d1b92dcd09e   -            2025-10-03
FileHash-SHA256  c91917ff2cc3b843cf9f65e5798cd2e668a93e09802daa50e55a842ba9e505de   -            2025-10-03