Since at least September 2020, a threat actor known as Donot Team, with alleged connections to an Indian cybersecurity firm, has been deploying different variants of its tailor-made malware framework in waves of spear-phishing emails with malicious attachments every two to four months, targeting military organizations in South Asia, including Bangladesh, Nepal, and Sri Lanka. Donot Team (also known as APT-C-35 and SectorE02) has been connected to a spate of incursions in Bangladesh, Sri Lanka, Pakistan, and Nepal since at least 2016, targeting embassies, governments, and military organizations with Windows and Android malware. While it is customary for an APT group to re-attack a previously penetrated network by installing more stealthy backdoors to hide its traces, Donot Team takes a different approach by releasing several variations of the malware it already has. The malware framework, which is delivered via weaponized Microsoft Office documents, is a chain of intermediary downloaders that eventually results in the execution of a backdoor; that backdoor takes care of retrieving additional components capable of harvesting files, recording keystrokes and screenshots, and deploying reverse shells for remote access. Donot Team makes up for its lack of sophistication with persistence, leading experts to believe that it will survive despite its numerous failures. Only time will tell whether the group's existing TTPs and malware develop.