A suspected Indian APT crew sent malicious emails that ultimately download the LoptikMod malware.
Suspected Indian advanced persistent threat operation DoNot Team has sought to compromise a foreign affairs ministry in Europe with the LoptikMod remote access trojan.
Also known as APT-C-35, SECTOR02, Origami Elephant, and Viceroy Tiger, the group’s effort is part of a likely cyberespionage campaign, reports The Hacker News.
According to a report from the Trellix Advanced Research Center, DoNot Team sent emails purporting to come from defence officials to lure recipients into clicking a Google Drive link. The link downloads a RAR archive containing a malicious file spoofing a PDF document, which eventually leads to the execution of the LoptikMod malware.
Beyond stealing data, installing additional modules, receiving further commands, and sending back system information, LoptikMod hides from analysis with ASCII obfuscation and anti-virtual-machine checks, the researchers said, noting that the campaign's command-and-control server was inactive at the time of analysis.
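The article does not say how the archived file spoofs a PDF. As an added example (not code from Trellix or from the campaign itself), the following Python triage routine assumes the usual masquerade tricks seen in such lures: a double extension such as `Agenda.pdf.exe`, a Unicode right-to-left override that reverses the displayed name, and executable (`MZ`) content behind a `.pdf` name. The `Member` type, the sample listing and all names here are constructed for illustration.

```python
"""Triage archive members for executables posing as PDF documents.

Added example for this article, not code from Trellix or from the DoNot
Team campaign. The article only says the RAR archive carries a
"PDF-spoofing document"; the checks below assume the usual masquerade
tricks (double extension, right-to-left override, executable bytes behind
a .pdf name), which is an assumption, not something the report confirms.
"""
from __future__ import annotations

import os
from dataclasses import dataclass

RLO = "\u202e"  # Unicode RIGHT-TO-LEFT OVERRIDE: "note\u202efdp.exe" renders as "noteexe.pdf"
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".lnk", ".js", ".vbs", ".hta"}
PDF_MAGIC = b"%PDF-"
PE_MAGIC = b"MZ"


@dataclass
class Member:
    name: str    # file name as stored in the archive
    head: bytes  # first few bytes of the member's content


def true_extension(name: str) -> str:
    """Extension the OS will act on: the last one, with any RLO trick stripped."""
    return os.path.splitext(name.replace(RLO, "").lower())[1]


def masquerade_reasons(m: Member) -> list[str]:
    """Return the reasons a member looks like a PDF lure wrapping an executable."""
    reasons: list[str] = []
    lower = m.name.lower()
    ext = true_extension(m.name)

    if RLO in m.name:
        reasons.append("rtlo-override")          # displayed name is reversed after the RLO
    if ext in EXEC_EXTS and ".pdf" in lower[: -len(ext)]:
        reasons.append("double-extension")       # e.g. "Agenda.pdf.exe" or "Agenda.pdf     .exe"
    if ext == ".pdf" and not m.head.startswith(PDF_MAGIC):
        reasons.append("pdf-magic-mismatch")     # named .pdf but the content is not a PDF
    if m.head.startswith(PE_MAGIC):
        reasons.append("pe-header")              # Windows executable, whatever the name says
    return reasons


def triage_archive(members: list[Member]) -> dict[str, list[str]]:
    """Map each suspicious member name to its reasons; clean members are omitted."""
    return {m.name: r for m in members if (r := masquerade_reasons(m))}


# Constructed sample listing, standing in for what an archive reader would yield.
SAMPLE = [
    Member("Meeting_Agenda.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3"),
    Member("Defence_Note.pdf.exe", b"MZ\x90\x00\x03\x00"),
    Member("Briefing" + RLO + "fdp.exe", b"MZ\x90\x00\x03\x00"),
    Member("Report.pdf", b"MZ\x90\x00\x03\x00"),
    Member("readme.txt", b"Please open the attached agenda."),
]

if __name__ == "__main__":
    for name, reasons in triage_archive(SAMPLE).items():
        print(f"{name!r}: {', '.join(reasons)}")
```

In practice the member names and leading bytes would come from an archive library (for RAR, the third-party `rarfile` package) rather than the constructed `SAMPLE`; the name checks alone are not enough, since a renamed executable inside a plain `.pdf` name is only caught by the magic-byte comparison.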
"While historically focused on South Asia, this incident targeting South Asian embassies in Europe, indicates a clear expansion of their interests towards European diplomatic communications and intelligence," researchers added.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.