An Indian-supported hacking group is set to attack Pakistan’s cyber world. “Do Not” is an Indian-backed hacking group involved in cyber attacks in Pakistan.
According to Cabinet Division Advisory, the “Do Not” group, also known as APT-C-35 and Sector E02, is planning to target Pakistan’s civil and military setups for spying.
According to the advisory intelligence, the group is in action since 2016, and involved in targeting organizations and individuals in South Asia with deligate windows and Android Malware.
Moreover, the Indian hacking group “Do Not” specifically collects and exfiltrates data to Indian intelligence agencies for cyber espionage.
In addition, as per the advisory, the threat actor has improvised Cyberattack toolkits and generated concerns for potential victims. Though, the hacking group is compelling and previously has succeeded in many cyber-attacks.
However, the “Do Not” group’s main target is South Asian countries like Pakistan, Bangladesh, Sri- Lanka, and Nepal.
However, the group also wants to target their embassies abroad. In addition, the hacking group is interested in government intelligence companies, military organizations, the ministry of foreign affairs and embassies.
According to one more piece of news, the hacking group “Do Not” APT is focused on targeting critical entities with waves of sphere phishing emails and malicious attachments.
Moreover, with advanced tactics and technologies, the group repeats its attack patterns on the same victims.
The hacking group uses Macros in Ms Word, PowerPoint and Excel, as per the news. They can accomplish their goals through Windows Framework RTF files with .doc extensions containing links to download malware and gain shell access.
The group is quite intelligent in using the latest attack techniques, which APT-C-35 mainly uses. It also came to notice that the group is attacking government organizations through YTY malware endogenously created by “DO NoT” APT consists of a chain of downloaders.
Hence, this ultimately downloads a backdoor with minimal functionality to download and execute additional components of the “Do Not” team’s tool set.
However, the cabinet division has proposed preventive actions to defend against “Do Not” APT attacks.
The advisory has requested the government to take proactive measures to avoid any mishap in future.
It is also brought into notice that the government organizations ensure utilizing system hardening endpoints. However, it has also requested the active directory domains to ensure protection against Kerberos-based attacks.
In addition, the Civil and Military sector also notified to block and monitor the execution of signed executables like PSExec.exe, Netcat.exe,Socat.exe.
It is also requested to block and monitor the execution of unsigned executables from the %temp% directory and App data directory.
The advisory also requested the government to conduct malware-focused audits of all endpoints periodically.
Alas, anti-malware and anti-virus can apply to prevent attacks. Government ensure to establish security operations centres for host visibility at the organizational level