DoNot Hacking Team Targeting Government and Military Entities in South Asia

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,003
A threat actor with potential links to an Indian cybersecurity company has been nothing if remarkably persistent in its attacks against military organizations based in South Asia, including Bangladesh, Nepal, and Sri Lanka, since at least September 2020 by deploying different variants of its bespoke malware framework.

Slovak cybersecurity firm ESET attributed the highly targeted attack to a hacking group known as Donot Team. "Donot Team has been consistently targeting the same entities with waves of spear-phishing emails with malicious attachments every two to four months," researchers Facundo Muñoz and Matías Porolli said.

Operating since at least 2016, Donot Team (also known as APT-C-35 and SectorE02) has been linked to a string of intrusions primarily targeting embassies, governments, and military entities in Bangladesh, Sri Lanka, Pakistan, and Nepal with Windows and Android malware.

In October 2021, Amnesty International unearthed evidence tying the group's attack infrastructure to an Indian cybersecurity company called Innefu Labs, raising suspicions that the threat actor may be selling the spyware or offering a hackers-for-hire service to governments of the region.
"Donot Team makes up for its low sophistication with tenacity," the researchers concluded. "We expect that it will continue to push on regardless of its many setbacks. Only time will tell if the group evolves its current TTPs and malware."
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top