Security News > 2022 > July > Pakistani Hackers Targeting Indian Students in Latest Malware Campaign
The advanced persistent threat group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021.
Also tracked under the monikers APT36, Operation C-Major, PROJECTM, Mythic Leopard, the Transparent Tribe actor is suspected to be of Pakistani origin and is known to strike government entities and think tanks in India and Afghanistan with custom malware such as CrimsonRAT, ObliqueRAT, and CapraRAT. But the targeting of educational institutions and students, first observed by India-based K7 Labs in May 2022, indicates a deviation from the adversary's typical focus.
"The latest targeting of the educational sector may align with the strategic goals of espionage of the nation-state," Cisco Talos researchers told The Hacker News.
"APTs will frequently target individuals at universities and technical research organizations in order to establish long term access to siphon off data related to ongoing research projects."
What's more, a number of these decoy documents are said to be hosted on education-themed domains that were registered as early as June 2021, with the infrastructure operated by a Pakistani web hosting services provider named Zain Hosting.
"The entire scope of Zain Hosting's role in the Transparent Tribe organization is still unknown," the researchers noted.
News URL
https://thehackernews.com/2022/07/pakistani-hackers-targeting-indian.html
Related news
- North Korean Hackers Target Crypto Firms with Hidden Risk Malware on macOS (source)
- North Korean hackers use new macOS malware against crypto firms (source)
- Unpatched Mazda Connect bugs let hackers install persistent malware (source)
- North Korean Hackers Target macOS Using Flutter-Embedded Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Chinese hackers target Linux with new WolfsBane malware (source)
- Russian Hackers Deploy HATVIBE and CHERRYSPY Malware Across Europe and Asia (source)
- North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn (source)