Security News > 2022 > July > Pakistani Hackers Targeting Indian Students in Latest Malware Campaign
The advanced persistent threat group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021.
Also tracked under the monikers APT36, Operation C-Major, PROJECTM, Mythic Leopard, the Transparent Tribe actor is suspected to be of Pakistani origin and is known to strike government entities and think tanks in India and Afghanistan with custom malware such as CrimsonRAT, ObliqueRAT, and CapraRAT. But the targeting of educational institutions and students, first observed by India-based K7 Labs in May 2022, indicates a deviation from the adversary's typical focus.
"The latest targeting of the educational sector may align with the strategic goals of espionage of the nation-state," Cisco Talos researchers told The Hacker News.
"APTs will frequently target individuals at universities and technical research organizations in order to establish long term access to siphon off data related to ongoing research projects."
What's more, a number of these decoy documents are said to be hosted on education-themed domains that were registered as early as June 2021, with the infrastructure operated by a Pakistani web hosting services provider named Zain Hosting.
"The entire scope of Zain Hosting's role in the Transparent Tribe organization is still unknown," the researchers noted.
News URL
https://thehackernews.com/2022/07/pakistani-hackers-targeting-indian.html
Related news
- North Korean hackers exploit VPN update flaw to install malware (source)
- Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- South Korean hackers exploited WPS Office zero-day to deploy malware (source)
- Hackers Use Fake GlobalProtect VPN Software in New WikiLoader Malware Attack (source)
- Fake OnlyFans cybercrime tool infects hackers with malware (source)
- GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware (source)
- Chinese hackers use new data theft malware in govt attacks (source)
- North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware (source)
- North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware (source)