From Click to Compromise: Unveiling the Sophisticated Attack of DoNot APT Group on Southern European Government Entities
The DoNot APT group, also known as APT-C-35, Mint Tempest, Origami Elephant, SECTOR02, and Viceroy Tiger, has been active since at least 2016 and is believed to operate in support of South Asian geopolitical interests. The group typically targets government entities, foreign ministries, defense organizations, and NGOs, especially those in South Asia and Europe. It is known for custom-built Windows malware, including the YTY and GEdit backdoors, which it usually delivers through spear-phishing emails or malicious documents.
Recent analysis by the Trellix Advanced Research Center uncovered a sophisticated campaign attributed to the DoNot APT group targeting a European foreign affairs ministry. The attackers impersonated European defense officials, luring their targets to click on a malicious Google Drive link that deployed malware consistent with the group’s known toolset. This incident highlights the group’s focus on governmental and diplomatic entities and their adaptability in using cloud services for initial infection.
For more information, you can read the full article here.