Security News > 2022 > November > Researchers Detail New Malware Campaign Targeting Indian Government Employees

The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach.

The cybersecurity company said the advanced persistent threat group has also conducted low-volume credential harvesting attacks in which rogue websites masquerading as official Indian government websites were set up to lure unwitting users into entering their passwords.

Earlier this March, Cisco Talos uncovered a hacking campaign that employed fake Windows installers for Kavach as a decoy to infect government personnel with CrimsonRAT and other artifacts.

"The threat actor registered multiple new domains hosting web pages masquerading as the official Kavach app download portal," Singh said.

"APT-36 continues to be one of the most prevalent advanced persistent threat groups focused on targeting users working in Indian governmental organizations," Singh said.

"Applications used internally at the Indian government organizations are a popular choice of social engineering theme used by the APT-36 group."

News URL

https://thehackernews.com/2022/11/researchers-detail-new-malware-campaign.html