APT-C-35 is also known as DoNot Team or Brainworm.
This group is believed to be linked with the Indian government and has been active since at least 2016.
Some sources suggest that they may have been involved in earlier campaigns, such as Operation Hangover in 2013 or even 2010.
APT-C-35 mainly targets South Asian countries, especially those that have a conflict or dispute with India, such as Pakistan, Sri Lanka, Bangladesh, and Kashmir.
They focus on government and military organizations, ministries of foreign affairs, and embassies.
History
APT-C-35 uses various methods to infect and spy on its victims, such as spear phishing emails, malicious attachments, remote template injection, and trojanized apps on Google Play.
They have developed and used Windows and Android spyware frameworks, such as YTY, Jaca, and DTrack.
These frameworks have a modular architecture and multiple functionalities, such as file collection, screenshots, keylogging, reverse shell, browser stealing, and gathering system information.