Indian state-sponsored hacking group “DoNot” is involved in cyber attacks in Pakistan.
According to a Cabinet Division advisory, the “DoNot” group, also known as APT-C-35 and Sector E02, is targeting Pakistan’s civil and military setups for spying.
According to the advisory, the group has been operating since 2016 and targets organizations and individuals in South Asia with sophisticated Windows and Android malware. The “DoNot” hacking group mainly collects and exfiltrates data to Indian intelligence agencies for cyber espionage.
According to the advisory, the threat actor has recently refined its cyberattack toolkits, raising concerns for potential victims. The hacking group has appeared in alerts from various cyber threat intelligence watchdogs.
According to the Cabinet Division, the “DoNot” group has been found targeting South Asian countries such as Pakistan, Bangladesh, Sri Lanka, and Nepal, along with their embassies abroad; the group is also targeting international emerging powers. Its areas of interest are government and military organizations, ministries of foreign affairs, and embassies.
According to the advisory, DoNot APT has been consistently targeting critical entities with waves of spear phishing emails and malicious attachments. The group has been repeating attack patterns on the same victims with advanced techniques.
According to the advisory, the hacking group uses macros in MS Word, Excel, PowerPoint and similar documents to obtain remote access. It also accomplishes its goals through Windows Framework RTF files carrying .doc extensions, which contain links to download malware and gain shell access.
This is the latest attack technique used by APT-C-35. The group is also attacking government organizations with YTY malware, indigenously developed by DoNot APT. YTY consists of a chain of downloaders that ultimately fetch a backdoor with minimal functionality, which is then used to download and execute further components of the DoNot Team’s toolset.
The Cabinet Division has proposed preventive measures to defend against “DoNot” APT attacks. The advisory has asked government organizations to ensure that system hardening is applied at all endpoints, and that Active Directory domain networks are hardened to protect against Kerberos-based attacks.
The advisory has asked civil and military organizations to block and monitor the execution of signed executables such as PsExec.exe, Netcat.exe, and Socat.exe, and also to block and monitor the execution of unsigned executables from the %temp% directory and the AppData directory.
The advisory has asked government organizations to carry out malware-focused audits of all endpoints periodically. It has been suggested that government organizations use reputable anti-malware/anti-virus products and establish security operations centres for host visibility at the organizational level, utilizing open-source extended detection and response (XDR), endpoint detection and response (EDR), and security information and event management (SIEM) solutions.
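The monitoring points in the advisory above (named signed tools, unsigned binaries launched from %temp% or AppData, and processes spawned by Office hosts) can be turned into simple triage logic over process-creation telemetry. The following is an added example, not from the advisory or any vendor; the events are constructed in a Sysmon-like shape, and the `Signed` field is assumed to have been populated by the collector.

```python
import re

# Constructed sample process-creation events (Sysmon Event ID 1 style); not real logs.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe", "Signed": True,
     "ParentImage": r"C:\Windows\System32\services.exe"},
    {"Image": r"C:\Tools\PsExec.exe", "Signed": True,
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\update.exe", "Signed": False,
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"Image": r"C:\Users\alice\AppData\Roaming\svc.exe", "Signed": False,
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Program Files\Git\usr\bin\ssh.exe", "Signed": False,
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

# Signed tools named in the advisory whose execution should be blocked or monitored.
WATCHED_SIGNED_TOOLS = {"psexec.exe", "netcat.exe", "socat.exe"}

# User-writable staging directories named in the advisory (%temp% and AppData).
USER_WRITABLE_DIRS = re.compile(r"\\appdata\\|\\temp\\", re.IGNORECASE)

# Office hosts: a child spawned by these fits the macro/RTF lure described in the article.
OFFICE_HOSTS = {"winword.exe", "excel.exe", "powerpnt.exe"}


def classify(event):
    """Return the advisory-derived findings for one process-creation event."""
    image = event["Image"]
    name = image.rsplit("\\", 1)[-1].lower()
    parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    findings = []
    if name in WATCHED_SIGNED_TOOLS:
        findings.append("watched-signed-tool")
    if not event["Signed"] and USER_WRITABLE_DIRS.search(image):
        findings.append("unsigned-from-user-writable-dir")
    if parent in OFFICE_HOSTS:
        findings.append("office-spawned-process")
    return findings


def triage(events):
    """Map each flagged image path to its findings; clean events are omitted."""
    return {e["Image"]: classify(e) for e in events if classify(e)}


if __name__ == "__main__":
    for image, hits in triage(SAMPLE_EVENTS).items():
        print(f"{image}: {', '.join(hits)}")
```

Legitimate Office helper processes will also trip the parent-process rule, so that finding is a hunting lead to be tuned against a baseline rather than a block decision on its own.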