A threat actor linked to India, known as DoNot Team, has targeted a European foreign affairs ministry with sophisticated malware for espionage. The attack involved spear-phishing, remote access trojans, and data exfiltration, highlighting ongoing cyber espionage activities. #DoNotTeam #LoptikMod
Key points
- The threat actor has suspected ties to India and is known for targeting government and diplomatic entities.
- The attack utilizes spear-phishing emails with malicious Google Drive links and RAR archives.
- Malware such as LoptikMod, a remote access Trojan, establishes persistence and exfiltrates data from infected systems.
- The malware employs anti-VM techniques and obfuscation to evade detection and analysis.
- The campaign indicates a shift towards European diplomatic targets, expanding the threat group's geographical focus.
Read More: https://thehackernews.com/2025/07/donot-apt-expands-operations-targets.html