Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions
2023-04-13 10:19

The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in attacks targeting the Indian education sector using a continuously maintained piece of malware called Crimson RAT. While the suspected Pakistan-based threat group is known to target military and government entities in the country, the activities have since expanded to include the education vertical.

Last month, ESET attributed a cyber espionage campaign aimed at infecting Indian and Pakistani Android users with a backdoor called CapraRAT to Transparent Tribe. An analysis of Crimson RAT samples has revealed the presence of the word "Wibemax," corroborating a previous report from Fortinet.

It bears noting that Transparent Tribe has in the past leveraged infrastructure operated by a web hosting provider called Zain Hosting in attacks targeting the Indian education sector.

"These documents distributed by Transparent Tribe typically display an image indicating that the document content is locked."

"Transparent Tribe is a highly motivated and persistent threat actor that regularly updates its malware arsenal, operational playbook, and target," Milenkoski said.

"Transparent Tribe's constantly changing operational and targeting strategies require constant vigilance to mitigate the threat posed by the group."


News URL

https://thehackernews.com/2023/04/pakistan-based-transparent-tribe.html