Pakistan's Hackers Attack India's Education Sector

Uploaded on 2023-04-17 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

A suspected Pakistan-aligned threat group, known as APT36 or Transparent Tribe, has been observed targeting the education sector in India with malicious Office documents distributing Crimson RAT.

The group has been active since at least 2013, but according to an advisory notice by SentinelOne, it is now shifting from attacking Indian military and government personnel targets to also disrupting educational institutions in India.

According to the technical analysis by SentinelOne , the names and content of the lure documents, as well as the associated domains and the use of Crimson RAT, suggest that the recent activities observed are part of a concerted campaign by Transparent Tribe. “Crimson RAT is a consistent staple in the group’s malware arsenal the adversary uses in its campaigns,” wrote Sentinel's senior threat researcher, Aleksandar Milenkoski.

The threat intelligence experts at Cisco Talos recently discovered an ongoing campaign conducted by the Transparent Tribe APT group against students at various educational institutions in India and have found details regarding the adversary's operations. 

Typically, this APT group focuses on targeting government (government employees, military personnel) and pseudo-government entities (think tanks, conferences, etc.) using remote access trojans (RATs) such as CrimsonRAT and ObliqueRAT.  However, in this new campaign dating back to December 2021, the adversary is targeting students of universities and colleges in India.

This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users.

The resrearchers say they have a high level of confidence that a Pakistani web hosting services provider, "ZainHosting" was employed by the APT for deploying and operating parts of Transparent Tribe's infrastructure used in this campaign.

Threat Actor Profile  

Transparent Tribe is a suspected Pakistan-linked threat actor. This group typically targets individuals and entities associated with governments and military personnel in the Indian subcontinent, specifically Afghanistan and India. Transparent Tribe has also been known to use their CrimsonRAT implant against human rights activists in Pakistan.

Cisco Talos:     SentinelOneOodaloop:      Infosecurity Magazine:    The RecordCybersecuritynews

You Might Also Read: 

India's Health Systems Are A Top Target:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Highly Evasive Adaptive Threats & Advanced Persistent Threats
Social Media’s Impact On The War In Ukraine »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Renaissance

Renaissance

Renaissance is Ireland's premier value added distributor of IT security solutions and a leading independent provider of business continuity consultancy.

Law Enforcement Cyber Center (LECC)

Law Enforcement Cyber Center (LECC)

LECC is designed to assist police, digital forensic investigators, detectives, and prosecutors who are investigating and preventing crimes that involve technology.

Cyber Risk Policies

Cyber Risk Policies

CyberRiskPolicy.com is a joint venture between the Poindexter Surety Group of companies and Gibbs Cyber Security.

CloudCodes Software

CloudCodes Software

CloudCodes is a cloud security solutions provider focused on providing cloud security solutions to enterprise customers.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

Sysorex Government Services

Sysorex Government Services

Sysorex Government Services helps customers meet their strategic missions by providing secure, optimized IT solutions that allow them to perform more efficiently and effectively.

FFRI Security

FFRI Security

FFRI is committed to research and development of preventing the most advanced cyber-attacks and breaches.

ES2

ES2

ES2 is a consulting organisation specialising in Enterprise Security and Solutions Services.

CyberSwarm

CyberSwarm

CyberSwarm is developing a neuromorphic System-on-a-Chip dedicated to cybersecurity which helps organizations secure communication between connected devices and protect critical business assets.

TrueFort

TrueFort

TrueFort take an application-first approach that offers comprehensive protection for real-time visibility and analysis, protection and better communication across business, IT, and security teams.

ProofID

ProofID

ProofID is a specialist provider of Identity Access Management (IAM) solutions. We focus on the solving the complex needs of the modern enterprise.

BT Security

BT Security

BT provides telecommunications and network infrastructure services to keep businesses around the world connected and secure.

HEQA Security

HEQA Security

HEQA Security (formerly QuantLR) offer the world’s most cost-effective, easy-to-integrate, and secure Quantum Key Distribution (QKD) solution

CAT Labs

CAT Labs

CAT Labs is building digital asset recovery and cybersecurity tools to enable governments to fight crypto crime and to protect investors from hacks, fraud and scams.

Control D

Control D

Control D is a modern and customizable DNS service that blocks threats, unwanted content and ads - on all devices.

SSL2BUY

SSL2BUY

SSL2BUY is a leading SSL certificate provider, authorized to sell top CA brands like Comodo, DigiCert, GlobalSign, Thawte, GeoTrust and more.