Security News > 2021 > May > Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal
Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of its operations as part of an evolving espionage campaign against Indian targets, according to new research.
The attacks have been linked to a group called Transparent Tribe, also known as Operation C-Major, APT36, and Mythic Leopard, which has created fraudulent domains mimicking legitimate Indian military and defense organizations, and other fake domains posing as file-sharing sites to host malicious artifacts.
These domains are used to deliver maldocs distributing CrimsonRAT, and ObliqueRAT, with the group incorporating new phishing, lures such as resume documents, conference agendas, and defense and diplomatic themes into its operational toolkit.
It's worth noting that APT36 was previously linked to a malware campaign targeting organizations in South Asia to deploy ObliqueRAT on Windows systems under the guise of seemingly innocuous images hosted on infected websites.
"While CrimsonRAT remains the group's staple Windows implant, their development and distribution of ObliqueRAT in early 2020 indicates they are rapidly expanding their Windows malware arsenal."
"Transparent Tribe's tactics, techniques, and procedures have remained largely unchanged since 2020, but the group continues to implement new lures into its operational toolkit," the researchers said.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/6_YF2n3KTQg/pakistan-linked-hackers-added-new.html
Related news
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- New SteelFox malware hijacks Windows PCs using vulnerable driver (source)
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)