New Hacking Campaign by Transparent Tribe Hackers Targeting Indian Officials

2022-03-29 20:15

A threat actor of likely Pakistani origin has been attributed to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021.

"Their primary targets have been government and military personnel in Afghanistan and India. This campaign furthers this targeting and their central goal of establishing long term access for espionage."

Last month, the advanced persistent threat expanded its malware toolset to compromise Android devices with a backdoor named CapraRAT that exhibits a high "Degree of crossover" with CrimsonRAT. The latest set of attacks detailed by Cisco Talos involves making use of fake domains that mimic legitimate government and related organizations to deliver the malicious payloads, including a Python-based stager used to install.

Besides continually evolving their deployment tactics and malicious functionalities, Transparent Tribe is known to rely on a variety of delivery methods, such as executables impersonating installers of legitimate applications, archive files, and weaponized documents to target Indian entities and individuals.

One of the downloader executables masquerades as Kavach, an Indian government-mandated two-factor authentication solution required for accessing email services, in order to deliver the malicious artifacts.

"The use of multiple types of delivery vehicles and new bespoke malware that can be easily modified for agile operations indicates that the group is aggressive and persistent, nimble, and constantly evolving their tactics to infect targets," the researchers said.

News URL

https://thehackernews.com/2022/03/new-hacking-campaign-by-transparent.html

#hacker #hacking #indian