DoNot Team's New Firebird Backdoor Hits Pakistan and Afghanistan
Oct 23, 2023
Cyber Espionage / Malware
The threat actor known as DoNot Team has been linked to the use of a novel .NET-based backdoor called Firebird targeting a handful of victims in Pakistan and Afghanistan.

Cybersecurity company Kaspersky, which disclosed the findings in its APT trends report Q3 2023, said the attack chains are also configured to deliver a downloader named CSVtyrei, so named for its resemblance to Vtyrei.

"Some code within the examples appeared non-functional, hinting at ongoing development efforts," the Russian firm said.

Vtyrei (aka BREEZESUGAR) refers to a first-stage payload and downloader strain previously harnessed by the adversary to deliver a malware framework known as RTY.

DoNot Team, also known by the names APT-C-35, Origami Elephant, and SECTOR02, is suspected to be of Indian origin, with its attacks employing spear-phishing emails and rogue Android apps to propagate malware.

The latest assessment from Kaspersky builds on an analysis of the threat a...