Threat Intelligence

Afghanistan, Pakistan subjected to DoNot Team attacks with new backdoor

Suspected Indian state-sponsored threat operation DoNot Team, also known as APT-C-35, SECTOR02, and Origami Elephant, has targeted organizations in Afghanistan and Pakistan with the novel Firebird backdoor in recent attacks, according to The Hacker News. The attacks also involved the deployment of the CSVtyrei downloader, which is similar to the first-stage Vtyrei payload, also known as BREEZESUGAR, leveraged in previous DoNot Team intrusions, a report from Kaspersky revealed. "Some code within the examples appeared non-functional, hinting at ongoing development efforts," said Kaspersky. The development comes after Zscaler ThreatLabz reported that Indian government organizations had been targeted by Pakistan-linked hacking operation Transparent Tribe in attacks involving the ElizaRAT Windows trojan. Pakistan-based organizations have also been targeted in a spear-phishing campaign by suspected Indian state-backed hacking group Mysterious Elephant, also known as APT-K-47, that deployed the new ORPCBackdoor payload, a report from Knownsec 404 Team revealed.
