Unmasking DoNot Team: Firebird Backdoor Attacks and Kaspersky’s Q3 APT Report Review

#### Main Points

- Troublesome gang ‘DoNot Team’ has been associated with the use of a .NET-based backdoor known as Firebird, primarily targeting victims in Pakistan and Afghanistan.
- Cybersecurity firm Kaspersky divulged the findings in its quarterly APT (Advanced Persistent Threats) report for the third quarter of 2023.
- The attack chains are also reportedly used to deliver a downloader, humorously termed CSVtyrei, owing to its similarity to Vtyrei.

##### DoNot Team’s Montage of Menace

Laugh at your own peril as the chaos crew known as DoNot Team is now reportedly using a novel .NET-based backdoor called Firebird (no relationship with the popular SQL database, hopefully). Targeting a select crowd of victims in Pakistan and Afghanistan, this backdoor is not the kind you leave your keys under accidentally; rather, it’s the digital equivalent of leaving all your doors and windows wide open while you take a holiday.

##### Advanced Persistent Threats, Kaspersky’s Cup of Tea

Nothing goes undetected under the watchful gaze of cybersecurity company Kaspersky. Penalizing digital trespassers is their bread and butter, and in their Advanced Persistent Threats (my favorite, if obvious, metaphor for ‘annoyingly clingy cyberthreats’) report for Q3 2023, they spilt the beans about DoNot Team’s latest antics. I guess for Kaspersky, it’s just another day at the office, dealing with DoNot Disturb signs flouted by these cyber miscreants.

##### CSVtyrei: A Nasty Bug with a Nice Name

Now picture this: you’ve got these attack chains, and they’re not just there for the decor. They’re like the minions of the villainous DoNot Team, tasked with delivering a ‘special’ package – a downloader named CSVtyrei. And why CSVtyrei, you ask? Simply because it bears an uncanny resemblance to Vtyrei, a classic case of ‘I am not a bug, I am a feature’.

##### Summarized: A DoNot Tale

In a nutshell, this story is about a cyber villain called DoNot Team that’s allegedly using a .NET-based backdoor, ingeniously named Firebird, to zero in on targets in Pakistan and Afghanistan. This juicy information was unveiled by cybersecurity heavyweight Kaspersky in their APT trends report for Q3 2023. Also, in this cyber-crime storyboard, we have attack chains that are geared to deliver a uniquely named downloader, aka CSVtyrei, courtesy of its likeness to Vtyrei. In the cyber world, it seems, the ‘DoNot Disturb’ signs are always being tested.

Original Article: https://thehackernews.com/2023/10/donot-teams-new-firebird-backdoor-hits.html

