This report provides an overview of various threat actors and their activities in the cybersecurity landscape. It highlights the DoNot Team, Transparent Tribe [3], and Mysterious Elephant [3], all suspected to be state-sponsored groups originating from India. These actors employ sophisticated techniques to spread malware and target specific sectors.

Description

The DoNot Team [1] [2] [3], also known as APT-C-35 [1] [3], Origami Elephant [1] [3], and SECTOR02 [1] [3], has been active since 2016 [1] [3]. The group is associated with the use of a new .NET-based backdoor called Firebird, which has affected a limited number of victims in Pakistan and Afghanistan [1]. Recent findings from Kaspersky’s APT trends report Q3 2023 indicate ongoing development efforts by the DoNot Team, as it utilizes a downloader named CSVtyrei, resembling Vtyrei [2] [3]. The group employs specialized phishing emails and fake Android applications to distribute malware [1].

Transparent Tribe [3], also known as APT36 [1] [3], has been active since 2013 [1] [3]. They have recently targeted Indian government sectors with an updated malware arsenal [3], including a new Windows trojan called ElizaRAT [3]. Transparent Tribe has also targeted Linux systems in the past.

Mysterious Elephant [3], also known as APT-K-47 [1] [3], has been attributed to a spear-phishing campaign in Pakistan [3]. They utilize a backdoor called ORPCBackdoor. This group shares tooling and targeting overlaps with other actors aligned with India [3], such as SideWinder [3], Patchwork [3], Confucius [3], and Bitter [3].

Conclusion

The activities of these threat actors have significant implications for cybersecurity. It is crucial for organizations and governments to remain vigilant and implement robust security measures to mitigate the risks posed by these groups. Ongoing monitoring and collaboration between security researchers and law enforcement agencies are essential to stay ahead of evolving threats. As these actors continue to develop new techniques and malware, it is imperative to adapt and enhance defensive strategies to protect against future attacks.

References

[1] https://www.altusintel.com/public-yywhc8/
[2] https://www.cyberevive.com/2023/10/23/donot-teams-new-firebird-backdoor-hits-pakistan-and-afghanistan/
[3] https://thehackernews.com/2023/10/donot-teams-new-firebird-backdoor-hits.html