Pakistani Hackers Targeting Indian Students in Latest Malware Campaign

A new, ongoing phishing campaign that has targeted students at various educational institutions in India since at least December 2021 has been attributed to the advanced persistent threat group known as Transparent Tribe.
Also tracked under the monikers APT36, Operation C-Major, PROJECTM, and Mythic Leopard, the Transparent Tribe actor is suspected to be of Pakistani origin and is known to strike government entities and think tanks in India and Afghanistan with custom malware such as CrimsonRAT, ObliqueRAT, and CapraRAT. But the targeting of educational institutions and students, first observed by India-based K7 Labs in May 2022, indicates a deviation from the adversary's typical focus.
"The latest targeting of the educational sector may align with the strategic goals of espionage of the nation-state," Cisco Talos researchers told The Hacker News.
"APTs will frequently target individuals at universities and technical research organizations in order to establish long term access to siphon off data related to ongoing research projects."
What's more, a number of the campaign's decoy documents are said to be hosted on education-themed domains that were registered as early as June 2021, with the infrastructure operated by a Pakistani web hosting services provider named Zain Hosting.
"The entire scope of Zain Hosting's role in the Transparent Tribe organization is still unknown," the researchers noted.
News URL
https://thehackernews.com/2022/07/pakistani-hackers-targeting-indian.html