
The “DoNot” group, also known as APT-C-35 and Sector E02, has been found to be involved in cyber attacks in Pakistan by the Indian government. According to a cabinet division advisory, the group has been targeting Pakistan’s civil and military setups for espionage since 2016.

The group is said to be using sophisticated Windows and Android malware to target organizations and individuals in South Asia. The data collected by the “DoNot” hacking group is exfiltrated to Indian intelligence agencies for cyber espionage.

Recently, the group has upgraded its cyber attack toolkits, raising concerns for potential victims. The hacking group has appeared in alerts from several cyber threat intelligence watchdogs and has been found targeting South Asian countries such as Pakistan, Bangladesh, Sri Lanka, and Nepal, as well as their embassies abroad.

The group’s main targets are government and military organizations, ministries of foreign affairs, and embassies. It has been consistently targeting critical entities with waves of spear phishing emails and malicious attachments.

The “DoNot” group uses macros in MS Word, Excel, PowerPoint, and similar Office documents to obtain remote access. It also accomplishes its goals through Windows Framework RTF files delivered with .doc extensions, which contain links that download malware and give the attackers shell access.
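A defender-side triage check for the lure described above, added here as an example and not taken from the advisory or the original article: it reports when a file with a .doc extension is actually RTF, and lists RTF object control words and embedded URLs that warrant a closer look. The sample bytes, the control-word list, and the URL are constructed for illustration.

```python
import re
from pathlib import Path

# Magic bytes for the three common "Word document" containers
RTF_MAGIC = b"{\\rtf"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy binary .doc (OLE2)
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML (.docx)

# RTF control words tied to embedded/auto-updating objects (constructed list)
SUSPICIOUS_RTF_WORDS = (b"\\objupdate", b"\\objdata", b"\\objautlink")
URL_RE = re.compile(rb"https?://[^\s\\{}\"']+", re.IGNORECASE)


def triage_doc_bytes(name: str, data: bytes) -> dict:
    """Classify a file that claims to be a Word document and collect flags."""
    ext = Path(name).suffix.lower()
    if data.startswith(RTF_MAGIC):
        container = "rtf"
    elif data.startswith(OLE_MAGIC):
        container = "ole"
    elif data.startswith(ZIP_MAGIC):
        container = "ooxml"
    else:
        container = "unknown"

    flags = []
    # Extension/content mismatch: RTF content shipped as .doc
    if ext in (".doc", ".dot") and container == "rtf":
        flags.append("rtf-with-doc-extension")

    urls = []
    if container == "rtf":
        for word in SUSPICIOUS_RTF_WORDS:
            if word in data:
                flags.append("rtf-control:" + word.decode())
        urls = [u.decode(errors="replace") for u in URL_RE.findall(data)]
    if urls:
        flags.append("embedded-url")
    return {"container": container, "flags": flags, "urls": urls}


# Constructed sample: an RTF body with a hyperlink and an auto-updating object
SAMPLE_LURE = (
    b"{\\rtf1\\ansi\\deff0{\\fonttbl{\\f0 Arial;}}\n"
    b"{\\field{\\*\\fldinst HYPERLINK \"http://example.invalid/update.exe\"}"
    b"{\\fldrslt Open}}\n"
    b"{\\object\\objautlink\\objupdate{\\*\\objdata 0105000002000000}}\n"
    b"\\par Quarterly briefing}\n"
)

if __name__ == "__main__":
    print(triage_doc_bytes("briefing.doc", SAMPLE_LURE))
```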

The Indian government has proposed preventive measures to defend against “DoNot” APT attacks. The advisory has asked government organizations to ensure system hardening at all endpoints and to harden Active Directory domain networks to protect against Kerberos-based attacks.

Additionally, the advisory has suggested that government organizations conduct malware-focused audits of all endpoints periodically. It has recommended that government organizations use reputable anti-malware/anti-virus software and establish security operations centers for host visibility at the organizational level, using open source extended detection and response, endpoint detection and response, and security information and event management solutions.

The “DoNot” group’s cyber attacks are a cause for concern in South Asia, and it is imperative for governments to take proactive measures to prevent such attacks.
