Transparent Tribe Mounts Ongoing Spy Campaign on Military, Government
2020-08-20 15:42

The APT group Transparent Tribe is mounting an ongoing cyberespionage campaign aimed at military and diplomatic targets around the world, researchers said.

Transparent Tribe has updated Crimson RAT for this campaign, the firm said, adding a server-side component used to manage infected client machines as well as a new USBWorm component developed for stealing files from removable drives, spreading across systems by infecting removable media, and downloading and executing a thin-client version of Crimson from a remote server.

"The victim will execute the worm every time he tries to access a directory. Moreover, the malware does not delete the real directories and executes 'explorer.exe' when started, providing the hidden directory path as argument. The command will open the Explorer window as expected by the user."
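The behaviour quoted above leaves a process-creation trace defenders can hunt for: `explorer.exe` started by a binary on removable media and handed a directory on that same volume. The sketch below is an added example, not code from the article or from Kaspersky. It assumes events were exported with hypothetical field names `image`, `command_line` and `parent_image` (modelled on common process-creation telemetry) and that the caller knows which drive letters are removable; all sample events are constructed.

```python
import ntpath
import shlex


def _drive(path):
    """Return the upper-cased drive ('E:') of a Windows path, or ''."""
    return ntpath.splitdrive(path.strip('"'))[0].upper()


def find_decoy_launches(events, removable_drives):
    """Flag explorer.exe launches whose parent binary sits on removable media
    and whose argument is a path on that same volume."""
    removable = {d.upper() for d in removable_drives}
    hits = []
    for ev in events:
        if ntpath.basename(ev["image"]).lower() != "explorer.exe":
            continue
        parent_drive = _drive(ev["parent_image"])
        if parent_drive not in removable:
            continue  # ordinary browsing: parent is the shell on a fixed disk
        try:
            # Non-POSIX mode keeps backslashes literal; quotes are stripped below.
            tokens = shlex.split(ev["command_line"], posix=False)
        except ValueError:
            continue  # unbalanced quotes: leave for manual review
        args = [t.strip('"') for t in tokens[1:]]
        targets = [a for a in args if _drive(a) == parent_drive]
        if targets:
            hits.append({"parent": ev["parent_image"], "opened": targets[0]})
    return hits


# Constructed sample events (not taken from any real incident).
SAMPLE_EVENTS = [
    # Pattern described in the quote: binary on E: opens a folder on E:.
    {"image": r"C:\Windows\explorer.exe", "parent_image": r"E:\unknown.exe",
     "command_line": r'explorer.exe "E:\Field Reports"'},
    # User browsing the drive normally from the desktop shell.
    {"image": r"C:\Windows\explorer.exe", "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r"C:\Windows\explorer.exe E:\Budget"},
    # Portable tool on the drive starting something other than explorer.exe.
    {"image": r"C:\Windows\System32\notepad.exe", "parent_image": r"E:\tools\launcher.exe",
     "command_line": r"notepad.exe E:\notes.txt"},
    # Installer on the drive opening a folder on the fixed disk.
    {"image": r"C:\Windows\explorer.exe", "parent_image": r"E:\setup.exe",
     "command_line": r'explorer.exe "C:\Program Files\App"'},
]
```

A hit is a lead for triage, not a verdict: legitimate portable launchers can produce the same pattern.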

"Our investigation indicates that Transparent Tribe continues to run a high amount of activity against multiple targets," said Giampaolo Dedola, security expert at Kaspersky, in a media statement.

"During the last 12 months, we have observed a very broad campaign against military and diplomatic targets, using a big infrastructure to support its operations and continuous improvements in its arsenal. The group continue to invest in its main RAT, Crimson, to perform intelligence activities and spy on sensitive targets. We don't expect any slowdown from this group in the near future and we'll continue to monitor its activities."


News URL

https://threatpost.com/transparent-tribe-ongoing-spy-campaign-military-government/158515/