Rewterz Threat Alert – APT C-35 (Donot Team)
January 11, 2021
Severity
High
Analysis Summary
APT C-35, also known as Donot Team, is actively targeting countries in Southeast Asia. The group has a history of attacking Pakistani government officials and military personnel and has been linked to India. It has now shifted its focus to Southeast Asia and is dropping malicious documents that portray China's Digital Silk Road initiative as a threat to world democracy. This comes at a time when relations between India and China have reached a low point: from banning applications to troop confrontations along the disputed border (the Line of Actual Control), both countries have shown aggression toward each other in the recent past. The group's motive appears to be information theft and discrediting China's Digital Silk Road initiative.
Impact
Information theft and espionage
Indicators of Compromise
Filename
FiscalReview_July_September_2020_ace[.]docx
MD5
c92901f2ef13374f4afd950d840e02c1
SHA-256
bfaa8d24fea8f904b33da90bc2836785c390c3adaec01ac8082c953dd7b787ed
SHA-1
69a8ec206dc0a80bb675277273bb806330d92805
Remediation
- Block the indicators above at your respective controls (email gateway, web proxy, endpoint protection).
- Search for the filename and file hashes above in your environment, including mail stores and endpoint download folders.
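As an added example (not part of the Rewterz alert), the script below shows the second remediation step in code: it walks a directory tree, hashes every file once with MD5, SHA-1 and SHA-256 in a single pass, and flags anything that matches the published filename or any of the published hashes. The IOC values are the ones listed above, with the filename re-fanged for matching on disk; the sample files written by `demo()` are constructed here so the script runs offline, and the extra SHA-256 registered in `demo()` is a hypothetical indicator used only to exercise the hash path.

```python
"""Hash-and-filename IOC sweep for the APT C-35 indicators in this alert.

Added example, not part of the Rewterz advisory. The IOC constants are the
values published in the alert; the sample files created by demo() are
constructed so the sweep can be exercised offline.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field

# Indicators from the alert. The filename is re-fanged from
# "FiscalReview_July_September_2020_ace[.]docx" so it can match on disk.
IOC_FILENAMES = {"FiscalReview_July_September_2020_ace.docx"}
IOC_HASHES = {
    "md5": {"c92901f2ef13374f4afd950d840e02c1"},
    "sha1": {"69a8ec206dc0a80bb675277273bb806330d92805"},
    "sha256": {"bfaa8d24fea8f904b33da90bc2836785c390c3adaec01ac8082c953dd7b787ed"},
}


@dataclass
class Match:
    path: str
    reasons: list = field(default_factory=list)  # e.g. ["filename", "sha256"]


def file_digests(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1 and SHA-256 of a file in one read pass."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def scan_tree(root, filenames=IOC_FILENAMES, hashes=IOC_HASHES):
    """Walk root and return a Match for every file hitting an indicator.

    A filename hit on its own is low confidence (the lure name can be reused
    or a benign file renamed); a hash hit is the strong signal. Both are
    recorded in Match.reasons so the analyst can triage accordingly.
    """
    wanted_names = {f.lower() for f in filenames}
    matches = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            if name.lower() in wanted_names:
                reasons.append("filename")
            try:
                digests = file_digests(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the sweep
            for algo, value in digests.items():
                if value in hashes.get(algo, set()):
                    reasons.append(algo)
            if reasons:
                matches.append(Match(path, reasons))
    return matches


def demo():
    """Constructed sample tree: a decoy carrying the lure filename (wrong
    content, so only the filename matches) and a second file whose SHA-256
    is registered as a hypothetical indicator to exercise the hash path."""
    with tempfile.TemporaryDirectory() as root:
        decoy = os.path.join(root, "FiscalReview_July_September_2020_ace.docx")
        with open(decoy, "wb") as fh:
            fh.write(b"constructed decoy, not the real lure document")
        sample = b"constructed payload bytes for the hash demo"
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(sample)
        hypothetical = {"sha256": {hashlib.sha256(sample).hexdigest()}}
        found = scan_tree(root, hashes=hypothetical)
        return sorted((os.path.basename(m.path), m.reasons) for m in found)


if __name__ == "__main__":
    for name, reasons in demo():
        print(f"{name}: matched on {', '.join(reasons)}")
```

Run it against the real indicators with `scan_tree("/path/to/mail/attachments")`. Note that a hash sweep only catches this exact lure document; a re-saved or re-weaponised copy will have different digests, so treat the filename hit and the published hashes as a starting point for hunting, not as the full extent of the campaign.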