DoNot Team Bangladesh military and defence espionage campaign
Campaign
Summary
Hide ▲
Show ▼
A DoNot Team espionage campaign targeted Bangladesh's military and defence establishments, using spear-phishing RTF files to deliver a DLL implant and establish scheduled-task persistence. The operation relied on remote template injection, a VBA macro, and geofencing to deliver payloads only to intended victims. The implant disguised itself as OneDrive telemetry, profiled hosts, and beaconed to C2 over HTTPS, indicating a focused effort to maintain access and support intelligence collection.
Related Happenings
APT28 long-term espionage campaign targeting Ukrainian military personnel
Campaign
H score32
First: 10.03.2026 12:55
Last: 10.03.2026 12:55
Sources 1
About this happening:
A sustained APT28 espionage campaign is using BEARDSHELL and COVENANT to surveil Ukrainian military personnel, extending access through cloud-based C2 and incr...
APT28 long-term espionage campaign targeting Ukrainian military personnel
CampaignAbout this happening: A sustained APT28 espionage campaign is using BEARDSHELL and COVENANT to surveil Ukrainian military personnel, extending access through cloud-based C2 and incr...
Evasive Panda DNS poisoning MgBot espionage campaign
Campaign
H score33
First: 26.12.2025 16:44
Last: 26.12.2025 16:44
Sources 1
About this happening:
Evasive Panda ran a highly targeted cyber espionage campaign that used DNS poisoning to deliver MgBot to victims in Türkiye, China, and India. The operation wa...
Evasive Panda DNS poisoning MgBot espionage campaign
CampaignAbout this happening: Evasive Panda ran a highly targeted cyber espionage campaign that used DNS poisoning to deliver MgBot to victims in Türkiye, China, and India. The operation wa...
Timeline
-
17.07.2026 11:46 2 articles · 3h ago
DoNot Team targets Bangladesh's military and defence establishments with spear-phishing RTF files
Initial DisclosureDoNot Team conducted a targeted cyber espionage operation against Bangladesh's military and defence establishments, using spear-phishing emails with a malware-laced RTF document to drop a DLL implant that established scheduled-task persistence, profiled the host, and beaconed to a C2 server over HTTPS.
Show sources
- New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage — thehackernews.com — 17.07.2026 11:46
- New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage — thehackernews.com — 17.07.2026 11:46