APT C-35 (aka Donot Team) has been actively dropping malicious RTF samples for template injection. The group has a history of attacking Pakistani government officials and military personnel and has been linked to India. They previously targeted Pakistani Android mobile users with Android malware named StealJob, delivered by phishing under the name “Kashmiri Voice”. The attackers hunt for confidential information and intellectual property. The hackers’ targets include countries in South Asia, in particular the state sector of Pakistan.
The file name suggests that the malicious attachment is about the “Brief Report on International Boarder”, which refers to the reporting done on the international border and the activities on it. These types of reports are shared with the highest-level officials, and their content is used to develop strategic planning. These kinds of attacks are now in full flow to disintegrate Pakistan after Pakistan started performing better in terms of economy and got itself retained on the FATF grey list, whereas India pushed Pakistan to the wire to be inducted into the blacklist so that it could take advantage of the situation and make gains in the region.
Information theft and Espionage