Pakistani hackers target Indian students with malware

Phishing campaigns targeting students at various Indian educational institutions have been linked to the Transparent Tribe APT group since December 2021.


In this new campaign, documented by Cisco Talos, there is evidence that the APT is expanding its targeting beyond government entities to include civilians.


Transparent Tribe is believed to be a Pakistan-based group that has previously attacked government institutions in India and Afghanistan with malware such as CrimsonRAT, ObliqueRAT, and CapraRAT.


In May of 2022, India-based K7 Labs became aware of the adversary's new focus on educational institutions and students.


Cisco Talos researchers believe that the recent targeting of the educational sector may align with the nation-state's strategic espionage goals, since "APTs frequently target individuals at universities and technical research organizations" to gain long-term access to ongoing research projects.


According to the cybersecurity firm, the attackers use spear-phishing emails to deliver a malicious document to their targets, which then triggers the deployment of CrimsonRAT.


One of the researchers said of this APT: "It makes a significant effort to social engineer its victims into infecting themselves. Email lures from Transparent Tribe try to appear as legitimate as possible with relevant content to convince the targets to open the malicious documents or visit the malicious links provided."


To maintain long-term access to victim networks, the threat actor relies on CrimsonRAT (also known as SEEDOOR and Scarimson), its staple implant of choice.


Thanks to its modular design, the malware lets the operator remotely control the infected host, steal browser credentials, record keystrokes, take screenshots, and run arbitrary commands.


A Pakistani web hosting provider, Zain Hosting, is alleged to have hosted a number of the domains used to serve these decoy documents (e.g., "studentsportal[.co]"), some of which were registered as early as June 2021.


The researchers noted that "the full scope of Zain Hosting's role in the Transparent Tribe organization is still unknown. This is likely one of the many third-party service providers they use to stage, prepare, and/or deploy their operations."
