Carding 4 Carders
The DoNot Team has returned to cyberspace with new tools.
Kaspersky Lab researchers have described new activity by the DoNot Team group, in particular the use of a new .NET-based backdoor called Firebird, which has affected only a small number of victims in Pakistan and Afghanistan.
A loader called CSVtyrei was also detected in the attack chain. The researchers noted that some of the code in the samples turned out to be non-functional, which indicates that the loader is still under development.
Experts believe that the CSVtyrei loader is an updated version of Vtyrel (BREEZESUGAR), the loader previously used by the group to deliver the RTY1 framework, itself the successor to the YTY framework. YTY lets the operators collect information about the victim, including files with specified extensions, captured keyboard input, a list of running processes, and screenshots.
DoNot Team (APT-C-35, Origami Elephant, SECTOR02) is believed to originate from India and has been active since at least 2016. In its attacks, the group uses targeted phishing emails and fake Android apps to spread malware. In October 2021, the human rights organization Amnesty International found evidence linking the group's infrastructure to an Indian information security company.
