www.rivitmedia.comwww.rivitmedia.comwww.rivitmedia.com
  • Home
  • Tech News
    Tech NewsShow More
    Microsoft’s May 2025 Patch Tuesday: Five Actively Exploited Zero-Day Vulnerabilities Addressed
    7 Min Read
    Malicious Go Modules Unleash Disk-Wiping Chaos in Linux Supply Chain Attack
    4 Min Read
    Agentic AI: Transforming Cybersecurity in 2025
    3 Min Read
    Cybersecurity CEO Accused of Planting Malware in Hospital Systems: A Breach of Trust That Shocks the Industry
    6 Min Read
    Cloud Convenience, Criminal Opportunity: How Google Sites Became a Launchpad for Elite Phishing
    6 Min Read
  • Cyber Threats
    • Malware
    • Ransomware
    • Trojans
    • Adware
    • Browser Hijackers
    • Mac Malware
    • Android Threats
    • iPhone Threats
    • Potentially Unwanted Programs (PUPs)
    • Online Scams
  • How-To-Guides
  • Product Reviews
    • Hardware
    • Software
  • IT/Cybersecurity Best Practices
  • FREE SCAN
  • Cybersecurity for Business
Search
  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US
© 2023 rivitMedia.com. All Rights Reserved.
Reading: DoNot Team: A Closer Look at a Persistent Cyber Espionage Group
Share
Notification Show More
Font ResizerAa
www.rivitmedia.comwww.rivitmedia.com
Font ResizerAa
  • Online Scams
  • Tech News
  • Cyber Threats
  • Mac Malware
  • Cybersecurity for Business
  • FREE SCAN
Search
  • Home
  • Tech News
  • Cyber Threats
    • Malware
    • Ransomware
    • Trojans
    • Adware
    • Browser Hijackers
    • Mac Malware
    • Android Threats
    • iPhone Threats
    • Potentially Unwanted Programs (PUPs)
    • Online Scams
  • How-To-Guides
  • Product Reviews
    • Hardware
    • Software
  • IT/Cybersecurity Best Practices
    • Cybersecurity for Business
  • FREE SCAN
  • Sitemap
Follow US
  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US
© 2022 Foxiz News Network. Ruby Design Company. All Rights Reserved.
www.rivitmedia.com > Blog > Cyber Threats > DoNot Team: A Closer Look at a Persistent Cyber Espionage Group
Cyber ThreatsTech News

DoNot Team: A Closer Look at a Persistent Cyber Espionage Group

riviTMedia Research
Last updated: October 24, 2023 5:23 pm
riviTMedia Research
Share
New SEC Rules Go Into Effect in December.
SHARE

In the ever-evolving landscape of cyber threats and espionage, the DoNot Team has emerged as a noteworthy threat actor, engaging in targeted cyber-espionage operations in South Asia, particularly in Pakistan and Afghanistan. This article sheds light on the activities and characteristics of the DoNot Team, a group known for its use of sophisticated malware and espionage tactics.

Contents
DoNot Team’s Advanced TechniquesThe Journey from Vtyrei to RTYTransparent Tribe and ElizaRATLinux as a New TargetMysterious Elephant: Another Player in the ArenaConclusion

DoNot Team’s Advanced Techniques

DoNot Team, which has also operated under aliases such as APT-C-35, Origami Elephant, and SECTOR02, is suspected to have origins in India. Their attacks are characterized by their precision and ability to infiltrate high-value targets using spear-phishing emails and rogue Android applications.

One of the key revelations from cybersecurity company Kaspersky’s APT trends report for Q3 2023 is the DoNot Team’s use of a novel .NET-based backdoor known as Firebird. This backdoor, along with a downloader named CSVtyrei, forms part of the attack chain used to compromise victims’ systems. Notably, ongoing development efforts are indicated by some non-functional code within the malware.

The Journey from Vtyrei to RTY

The DoNot Team has previously employed a first-stage payload and downloader strain called Vtyrei (also known as BREEZESUGAR). This strain was used to deliver the RTY malware framework, showcasing the group’s evolving tactics and techniques. The group’s versatility in deploying different strains and malware payloads is a concerning aspect of their activities.

Transparent Tribe and ElizaRAT

In addition to the DoNot Team, the region has witnessed the activities of other threat actors. Transparent Tribe, also known as APT36, is a Pakistan-based actor that has been targeting Indian government sectors. They utilize an updated malware arsenal, including a previously undocumented Windows trojan named ElizaRAT. This .NET binary establishes a C2 communication channel via Telegram, granting complete control over the compromised endpoint.

What sets Transparent Tribe apart is its history of using credential harvesting and malware distribution attacks. They frequently employ trojanized installers of Indian government applications and exploit open-source command-and-control frameworks.

Linux as a New Target

A notable development in Transparent Tribe’s tactics is the targeting of Linux systems. This move is significant, given that Linux-based operating systems are widely used in the Indian government sector. It’s likely motivated by India’s decision to replace Microsoft Windows OS with Maya OS, a Debian Linux-based operating system, across government and defense sectors.

Mysterious Elephant: Another Player in the Arena

Adding to the complexity of the cybersecurity landscape in the region is Mysterious Elephant, also known as APT-K-47. This nation-state actor from the Asia-Pacific region is involved in spear-phishing campaigns and deploys a backdoor called ORPCBackdoor. This backdoor is capable of executing files and commands on the victim’s computer and receiving files or commands from a malicious server.

Mysterious Elephant shares tooling and targeting overlaps with other actors associated with India, including SideWinder, Patchwork, Confucius, and Bitter, further underscoring the intricate nature of nation-state cyber operations in the region.

Conclusion

The activities of the DoNot Team, along with other threat actors in the South Asian region, highlight the persistent and evolving nature of cyber espionage. As these groups continue to develop advanced malware and tactics, it is crucial for organizations and governments to enhance their cybersecurity measures to defend against these sophisticated threats. The collaboration of cybersecurity firms and the sharing of threat intelligence are vital components in this ongoing battle to safeguard digital assets and national security.

You Might Also Like

Unchacting.co.in: The Deceptive Tactics of a Browser Hijacker
Beware of the “Spam Activity Originating From Your Address” Scam Email
Degussa Bank Malware: Understanding the Threat and How to Remove It
Unmasking Niceprizegiveaways.com: A Comprehensive Analysis
JarkaStealer: A Guide to Detection, Removal, and Prevention
TAGGED:Tech News

Sign Up For Daily Newsletter

Be keep up! Get the latest breaking news delivered straight to your inbox.
By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. You may unsubscribe at any time.
Share This Article
Facebook Copy Link Print
Share
Previous Article The Art Tab Club Browser Hijacker: A Dangerous Threat to Your Online Security
Next Article Unmasking Searches-World.com: A Deceptive Search Engine and Browser Hijacker
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Scan Your System for Free

✅ Free Scan Available 

✅ 13M Scans/Month

✅ Instant Detection

Download SpyHunter 5
Download SpyHunter for Mac

//

Check in Daily for the best technology and Cybersecurity based content on the internet.

Quick Link

  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US

Sign Up for Our Newsletter

Subscribe to our newsletter to get our newest articles instantly!

www.rivitmedia.comwww.rivitmedia.com
© 2023 • rivitmedia.com All Rights Reserved.
  • ABOUT US
  • TERMS AND SERVICES
  • SITEMAP
  • CONTACT US