Date: 2025-07-10

Threat Intelligence, Critical Infrastructure Security

New DoNot Team attacks set sights on Europe


Suspected Indian advanced persistent threat operation DoNot Team, also known as APT-C-35, SECTOR02, Origami Elephant, and Viceroy Tiger, has sought to compromise a foreign affairs ministry in Europe with the LoptikMod remote access trojan as part of a likely cyberespionage campaign, according to The Hacker News.

Malicious emails purporting to be from defense officials have been sent by DoNot Team to lure recipients into clicking a Google Drive link that downloads a RAR archive containing a nefarious PDF-spoofing document, leading to the eventual execution of the LoptikMod malware, a report from the Trellix Advanced Research Center showed. Aside from pilfering data, installing other modules, receiving other commands, and delivering system information, LoptikMod also ensures covert compromise with the use of ASCII obfuscation and anti-virtual machine tactics, said researchers, who noted the inactive nature of the campaign's command-and-control server. "While historically focused on South Asia, this incident targeting South Asian embassies in Europe, indicates a clear expansion of their interests towards European diplomatic communications and intelligence," researchers added.

Related

SafePay ransomware gang ramps up attacks

GBHackers News reports that more than 200 organizations around the world have already been compromised by the SafePay ransomware group, which has become among the most prolific threat operations during the first quarter of 2025.

Alleged Scattered Spider hackers apprehended

The UK's National Crime Agency has announced the arrests of four individuals alleged to be part of the Scattered Spider ransomware operation, which had compromised leading retail firms Marks & Spencer, Co-op, and Harrods, before targeting organizations in the insurance and aviation sectors, reports Cybersecurity Dive.
