Wednesday, 25 December 2024

Pakistan-backed hacker outfit targets Indian students, educational institutions: Report


A hacker group, known by the cybersecurity community to be backed by Pakistani entities, is now targeting Indian educational institutions and students in a new cyber-espionage campaign, latest research has revealed.

The development has been confirmed by two leading cyber-security research companies, K7 and Cisco Talos, in separate research reports released over the last three months.

The hacker group, known as ‘Transparent Tribe’, is classified as an advanced persistent threat (APT) group and is also known by other aliases like APT36 and Mythic Leopard.

Multiple reports over the years have confirmed that the group focuses almost exclusively on India, with particular emphasis on high-value targets such as defence and other government sectors.

Transparent Tribe’s modus operandi

According to both Cisco Talos and K7, Transparent Tribe has been circulating an MS Word document, created in the name of a leading technology institute in India.

The first page of the document carries the institute’s letterhead, while the next page has a series of questions as part of a purported survey. As soon as the target opens the document, it asks them to ‘enable content’, a prompt that users are accustomed to seeing when an MS Word file is opened on a system for the first time.

Since the target has been fooled into thinking that the document is legitimate and safe, they click the ‘enable content’ option. As a result, the code hidden in the document extracts the malware and silently installs it on the target’s device.
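As an added defender-side illustration (not code from the article or from the K7 or Cisco Talos reports), the following Python script checks whether an OOXML Word file carries an embedded VBA project, the component whose presence produces the ‘enable content’ bar described above. The in-memory sample documents and all function names are constructed for this example.

```python
import io
import zipfile

VBA_PART = "word/vbaProject.bin"
MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"


def build_sample_doc(with_macro: bool) -> bytes:
    """Build a minimal OOXML Word package in memory (constructed test data, not a real sample)."""
    main_ct = MACRO_CT if with_macro else PLAIN_CT
    vba_override = (
        '<Override PartName="/word/vbaProject.bin" '
        'ContentType="application/vnd.ms-office.vbaProject"/>'
    ) if with_macro else ""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        f'<Override PartName="/word/document.xml" ContentType="{main_ct}"/>'
        f"{vba_override}</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", content_types)
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # OLE2 magic followed by a dummy body: enough to stand in for a real VBA project part
            z.writestr(VBA_PART, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16)
    return buf.getvalue()


def inspect_office_doc(data: bytes) -> dict:
    """Report whether a Word package contains a VBA project or declares a macro-enabled type.

    Legacy binary .doc files (OLE2, starting with D0 CF 11 E0) are not ZIP packages and need
    an OLE parser instead; they are reported here as non-ZIP and left for that tooling.
    """
    result = {"is_zip": False, "has_vba_part": False, "macro_enabled_type": False, "suspicious": False}
    if not data.startswith(b"PK\x03\x04"):
        return result
    result["is_zip"] = True
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = set(z.namelist())
            # Check the part itself, not the file extension: a renamed .docm still carries it
            result["has_vba_part"] = any(n.lower().endswith("vbaproject.bin") for n in names)
            if "[Content_Types].xml" in names:
                ct = z.read("[Content_Types].xml").decode("utf-8", "replace")
                result["macro_enabled_type"] = "macroEnabled" in ct
    except zipfile.BadZipFile:
        return result
    result["suspicious"] = result["has_vba_part"] or result["macro_enabled_type"]
    return result
```

Either indicator alone is enough to route an inbound attachment for closer review, since a legitimate survey from an institute has no reason to ship a VBA project.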

What do the reports say?

K7’s initial analysis, published in May this year, was based on a tweet by a threat intelligence researcher, who goes by the name Jazi on Twitter. Jazi seems to have been the first to find a sample of the malicious document and also identified its Command and Control (C2) server.

A C2 server is the server that controls the malware and receives the data it steals. Cheekily enough, the C2 server in this case is named ‘sunnyleone’.

A second, more detailed analysis of the campaign by Cisco Talos, the findings of which were made public earlier this week, confirmed K7’s earlier suspicion that Transparent Tribe was using CrimsonRAT malware to infect the target devices.

A RAT, or Remote Access Trojan, is malware that slips into a system disguised as something else and then gives its operators remote access to the device through the C2 server.

The latest version of CrimsonRAT can capture keystrokes on the target device, steal image files, take screenshots of the current screen, and run arbitrary commands on the system.

Cisco Talos has also traced the domain from which phishing emails containing the malicious document were sent, and confirmed that it is hosted by a domain hosting service in Pakistan.

“Typically, this APT group focuses on targeting government (government employees, military personnel) and pseudo-government entities (think tanks, conferences, etc.) using remote access Trojans (RATs) such as CrimsonRAT and ObliqueRAT. However, in this new campaign dating back to December 2021, the adversary is targeting students of universities and colleges in India. This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users,” Cisco Talos stated in its research report.
