An Indian government-backed hacking group called ‘Do not’ is reportedly planning to attack Pakistan’s cyberspace, including highly sensitive organizations such as the military. According to a Cabinet Division advisory, the ‘Do Not’ hacking group, also known as APT-C-35 and Sector E02, has been operating since 2016, and its main targets are South Asian countries such as Pakistan, Bangladesh, Sri Lanka, and Nepal.

‘Do not’ Hacking Group – Plan of Action

The ‘Do not’ hacking group uses advanced tactics and repeatedly attacks the same organization or victim. The group uses macros in MS Word, PowerPoint, and Excel to target organizations. They can accomplish their goals through Windows Framework RTF files with .doc extensions that contain links to download malware and gain access.

Their mode of action involves phishing emails and malicious attachments. Investigations have further revealed that the group is attacking government organizations through YTY malware, which is used to target government agencies, militaries, foreign embassies, and other government organizations. The hacking group mainly collects data and exfiltrates it to Indian intelligence agencies for cyber espionage.

Preventive Measures

The advisory lists preventive measures to protect organizations from the hacking group. It asks government organizations to conduct malware-focused audits of all endpoints periodically. According to ProPakistani, it also suggests that government organizations use reputed anti-malware/anti-virus software and establish security operations centers for host visibility at the organizational level, using open-source extended detection and response (XDR), endpoint detection and response (EDR), and security information and event management (SIEM) solutions.
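As an added illustration of one check an endpoint audit could include (this code is not from the advisory or the article), the Python sketch below flags documents whose extension does not match their real container, such as the RTF files saved with a .doc extension described above, and lists the URLs and object-related RTF control words they carry. The function names, the list of control words, and the two sample byte strings are assumptions constructed for this example.

```python
import re
from pathlib import Path

RTF_MAGIC = b"{\\rt"                           # RTF header; parsers accept the short form "{\rt"
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy binary .doc container
ZIP_MAGIC = b"PK\x03\x04"                      # OOXML (.docx/.docm) container
URL_RE = re.compile(rb"https?://[^\s\"'{}\\<>]+", re.I)
# Assumed watch-list: RTF control words / fields that embed objects or fetch remote content
RISKY_RTF = (b"\\objdata", b"\\objupdate", b"\\objautlink", b"\\template", b"INCLUDEPICTURE")
EXPECTED = {".doc": "ole", ".rtf": "rtf", ".docx": "zip", ".docm": "zip"}

def container(data: bytes) -> str:
    """Identify the real file container from its leading bytes."""
    if data.lstrip().startswith(RTF_MAGIC):
        return "rtf"
    if data.startswith(OLE_MAGIC):
        return "ole"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"

def audit(name: str, data: bytes) -> dict:
    """Report extension/container mismatch plus URLs and risky keywords in RTF."""
    ext, kind = Path(name).suffix.lower(), container(data)
    report = {"file": name, "container": kind, "urls": [], "risky": [],
              "mismatch": ext in EXPECTED and kind != EXPECTED[ext]}
    if kind == "rtf":
        report["urls"] = sorted({u.decode("ascii", "replace") for u in URL_RE.findall(data)})
        low = data.lower()
        report["risky"] = [w.decode() for w in RISKY_RTF if w.lower() in low]
    return report

def audit_tree(root: str) -> list:
    """Walk a directory and return reports for files worth an analyst's review."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in EXPECTED:
            r = audit(p.name, p.read_bytes())
            if r["mismatch"] or r["risky"]:
                hits.append(r)
    return hits

# Constructed samples: an RTF body carrying a link (to be saved as .doc) and a bare OLE header
SAMPLE_RTF_AS_DOC = (b'{\\rtf1\\ansi{\\field{\\*\\fldinst HYPERLINK '
                     b'"http://files.example.invalid/update"}}{\\object\\objautlink\\objupdate}}')
SAMPLE_REAL_DOC = OLE_MAGIC + b"\x00" * 32

if __name__ == "__main__":
    for n, d in (("notice.doc", SAMPLE_RTF_AS_DOC), ("minutes.doc", SAMPLE_REAL_DOC)):
        print(audit(n, d))
```

A mismatch alone is not proof of compromise, since some legitimate tools save RTF under a .doc name; treat hits as candidates for closer inspection.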
