14.3 C
Athens
Τρίτη, 24 Δεκεμβρίου, 2024

Pakistan-backed hacker outfit targets Indian students, educational institutions: Report

Περισσότερα Νέα

- Advertisement -

A hacker group, known by the cybersecurity community to be backed by Pakistani entities, is now targeting Indian educational institutions and students in a new cyber-espionage campaign, latest research has revealed.

The development has been confirmed by two leading cyber-security research companies, K7 and Cisco Talos, in separate research reports released over the last three months.

The hacker group, known as ‘Transparent Tribe’, is classified as an advanced persistent threat (APT) group and is also known by other aliases like APT36 and Mythic Leopard.

Multiple reports over the years have confirmed that the group focusses almost exclusively on India, with particular emphasis on high-value targets like defence and other government sectors.

Transperent Tribe’s modus operandi

- Advertisement -

According to both Cisco Talos and K7, Transparent Tribe has been circulating an MS Word document, created in the name of a leading technology institute in India.

The first page of the document has the institute’s letterhead, while the next page has a series of questions as part of a purported survey. As soon as the document is opened by the target, it asks them to ‘enable content’, a common occurrence with MS Word files opened on any system for the first time.

Since the target has been fooled into thinking that the document is legitimate and safe, they click the ‘enable content’ option. As a result, the malware hidden in the document’s code extracts itself and silently makes a home inside the target’s device.

What do the reports say?

K7’s initial analysis, published in May this year, was based on a tweet by a threat intelligence researcher, who goes by the name Jazi on Twitter. Jazi seems to have been the first to find a sample of the malicious document and also identified its Command and Control (C2) server.

A C2 server is the server that controls a malware and receives all the data stolen by it. Cheekily enough, the C2 server in this case is named ‘sunnyleone’.

A second, more detailed analysis of the campaign by Cisco Talos, the findings of which were made public earlier this week, confirmed K7’s earlier suspicion that Transparent Tribe was using CrimsonRAT malware to infect the target devices.

A RAT or a Remote Access Trojan is malware that slips into a system disguised as something else and then grants remote access to the device to its C2 server.

The latest version of CrimsonRAT can capture keystrokes on the target device, steal image files, take screenshots of the current screen, and run arbitrary commands on the system.

Cisco Talos has also traced the domain from which phishing emails containing the malicious document were sent, and confirmed that it is hosted by a domain hosting service in Pakistan.

“Typically, this APT group focuses on targeting government (government employees, military personnel) and pseudo-government entities (think tanks, conferences, etc.) using remote access Trojans (RATs) such as CrimsonRAT and ObliqueRAT. However, in this new campaign dating back to December 2021, the adversary is targeting students of universities and colleges in India. This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users,” Cisco Talos stated in its research report.

- Advertisement -

ΑΠΑΝΤΗΣΤΕ

εισάγετε το σχόλιό σας!
παρακαλώ εισάγετε το όνομά σας εδώ

The reCAPTCHA verification period has expired. Please reload the page.

Ροή ειδήσεων

ΣΧΕΤΙΚΑ ΑΡΘΡΑ

China’s Military Intervention in Africa

Africa has become a critical arena for China’s military and security strategy beyond its border. The establishment of the PLA overseas base in Djibouti...

Rising Online Surveillance and Deteriorating Internet Freedom in Pakistan

Internet users in Pakistan have reported widespread connectivity issues, including delays in social media messages, difficulties uploading files, and problems sending voice notes. These...

Deep Waters, Dark Secrets – China’s Role in Baltic Cable Sabotage

A Chinese bulk carrier, ‘Yi Peng 3’ is under scrutiny for its possible involvement in damaging two critical undersea cables in the Baltic Sea. It...

Africa’s trade deficit with China continues to widen

African countries suffer from the trade deficit with China, which has continued to swell. In 2023, the exports from China were in surplus by...

ΔΗΜΟΦΙΛΗ ΑΡΘΡΑ

Ο Νετανιάχου διέταξε τον στρατό να καταστρέψει τις υποδομές των Χούθι – Αναχαιτίστηκε πύραυλος από την Υεμένη

Ο Ισραηλινός πρωθυπουργός Μπενιαμίν Νετανιάχου δήλωσε χθες Δευτέρα πως διέταξε τις ένοπλες δυνάμεις της χώρας του να «καταστρέψουν τις υποδομές» του κινήματος ανταρτών Χούθι...

Συρία: Διαδηλώσεις για το κάψιμο χριστουγεννιάτικου δέντρου – «Θα θυσιάσουμε την ψυχή μας για τον σταυρό μας»

Ένα βίντεο που αναρτήθηκε στα μέσα κοινωνικής δικτύωσης δείχνει μασκοφόρους ένοπλους να βάζουν φωτιά στο δέντρο που εκτίθεται στην κεντρική πλατεία της Σουκαϊλαμπίγια, μιας...

Ισραήλ: Παρατάθηκε για έναν χρόνο η κατάσταση έκτακτης ανάγκης – Μήνυμα στους Χριστιανούς από τον Νετανιάχου

Υπέρ της παράτασης της κατάστασης έκτακτης ανάγκης για έναν ακόμη χρόνο ψήφισε το κοινοβούλιο στο Ισραήλ, και ενώ ο Μπενιαμίν Νετανιάχου απηύθυνε μήνυμα προς...

Συρία: Ισλαμιστές έκαψαν χριστουγεννιάτικο δέντρο – Καλούν σε βοήθεια οι Χριστιανοί-Bίντεο-Εικόνες

Διαμαρτυρίες προκάλεσε στη Συρία το κάψιμο ενός χριστουγεννιάτικου δέντρου κοντά στη Χάμα, με αποτέλεσμα χιλιάδες διαδηλωτές να βγουν στους δρόμους για να ζητήσουν από...