DoNot Go! Do not respawn!

The campaigns of Donot Team are motivated by espionage, using their signature malware: the "yty" malware framework, whose main purpose is to collect and exfiltrate data. According to ESET's telemetry, Donot Team focuses on a small number of targets in South Asia - Bangladesh, Sri Lanka, Pakistan and Nepal These attacks are focused on: Government and military organizations Ministries of Foreign Affairs Embassies Going as far as targeting embassies of these countries in other regions, such as the Middle East, Europe, North America, and Latin America, is also not outside Donot Team's realm. It's not a rarity for APT operators to attempt to regain access to a compromised network after they have been ejected from it. In some cases this is achieved through the deployment of a stealthier backdoor that remains quiet until the attackers need it; in other cases they simply restart their operation with new malware or a variant of the malware they used previously. The latter is the case with Donot Team operators, only that they are remarkably persistent in their attempts. According to ESET telemetry, Donot Team has been consistently targeting the same entities with waves of spearphishing emails with malicious attachments every two to four months. Interestingly, emails they were able to retrieve and analyze did not show signs of spoofing. Some emails were sent from the same organizations that were being attacked. It's possible that the attackers may have compromised the email accounts of some of their victims in earlier campaigns, or the email server used by those organizations.