
Advanced Persistent Threat Group “DONOT Team” is Leveraging Two Nearly Identical Android Applications to Conduct Intelligence-Gathering Operations Targeting Individuals and Groups in India Who Appear to be of National Security Interest to the Country

The “Tanzeem” and “Tanzeem Update” apps purport to be chat apps but do not work as advertised. Instead, once installed on a device, they prompt the user to turn on the device’s accessibility feature and to grant several easily misused permissions. The apps then shut down and proceed to stealthily harvest information from the compromised device, according to researchers at Cyfirma, who recently spotted the new DONOT campaign.
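The behaviour described above (a supposed chat app that declares an accessibility service and requests a cluster of data-access permissions) is a combination an analyst can flag during static triage of an APK's manifest. The following is an added example, not Cyfirma's tooling or anything from the report: it parses a manifest with the standard library and flags the pattern. The high-risk permission list and the threshold of three are assumptions chosen for illustration, and both manifests are constructed samples.

```python
"""Static triage of an AndroidManifest.xml for the accessibility-service +
data-harvesting-permission pattern. Example code, not Cyfirma's tooling."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = f"{{{ANDROID_NS}}}name"
PERMISSION = f"{{{ANDROID_NS}}}permission"

# Permissions that enable broad data collection when granted together.
# Assumed triage list for this example, not an authoritative taxonomy.
HIGH_RISK_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_EXTERNAL_STORAGE",
}
# A real accessibility service must be protected by this permission.
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
RISKY_THRESHOLD = 3  # assumed threshold for this example


def triage_manifest(manifest_xml: str) -> dict:
    """Return which risky permissions are requested, whether an accessibility
    service is declared, and a boolean flag for the combined pattern."""
    root = ET.fromstring(manifest_xml)
    requested = {
        el.get(NAME) for el in root.iter("uses-permission") if el.get(NAME)
    }
    declares_accessibility = any(
        svc.get(PERMISSION) == ACCESSIBILITY_BIND for svc in root.iter("service")
    )
    risky = sorted(requested & HIGH_RISK_PERMISSIONS)
    return {
        "accessibility_service": declares_accessibility,
        "high_risk_permissions": risky,
        "flag": declares_accessibility and len(risky) >= RISKY_THRESHOLD,
    }


# Constructed sample: a "chat" app declaring an accessibility service and
# four data-access permissions, the shape described in the text.
SUSPECT_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chat">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <application android:label="Chat">
        <service android:name=".Helper"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""

# Constructed sample: a chat app that only needs network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.plainchat">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Plain Chat"/>
</manifest>
"""

if __name__ == "__main__":
    for label, manifest in (("suspect", SUSPECT_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage_manifest(manifest))
```

The check is deliberately a triage signal rather than a verdict: legitimate accessibility tools declare the same service, so a hit should route the sample to manual review of what the service actually does once enabled.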

Intelligence Gathering and Beyond

“The ongoing efforts by the notorious DONOT APT extend beyond gathering intelligence on internal threats; they have also targeted various organizations in South Asia,” Cyfirma reported. The firm has also found three malicious Android apps on Google’s Play store that the threat actor used against targeted individuals in Kashmir and Pakistan.

DONOT Team is one of several APT groups believed to be operating out of India that are engaged in a range of malicious activities, including online extortion scams, hacktivism, and, increasingly, cyber espionage and surveillance. Security experts believe that at least some of this activity is tied to geopolitical tensions in the region and to a broader growth in all kinds of cybercrime in South Asia in recent years.
