Pakistan's Hackers Attack India's Education Sector

A suspected Pakistan-aligned threat group, known as APT36 or Transparent Tribe, has been observed targeting the education sector in India with malicious Office documents distributing Crimson RAT.

The group has been active since at least 2013, but according to an advisory notice by SentinelOne, it is now shifting from attacking Indian military and government personnel targets to also disrupting educational institutions in India.

According to the technical analysis by SentinelOne, the names and content of the lure documents, as well as the associated domains and the use of Crimson RAT, suggest that the recent activities observed are part of a concerted campaign by Transparent Tribe. “Crimson RAT is a consistent staple in the group’s malware arsenal the adversary uses in its campaigns,” wrote SentinelOne's senior threat researcher, Aleksandar Milenkoski.

The threat intelligence experts at Cisco Talos recently discovered an ongoing campaign by the Transparent Tribe APT group against students at various educational institutions in India and have uncovered details of the adversary's operations.

Typically, this APT group focuses on government targets (government employees, military personnel) and pseudo-government entities (think tanks, conferences, etc.), using remote access trojans (RATs) such as CrimsonRAT and ObliqueRAT. However, in this new campaign, dating back to December 2021, the adversary is targeting students of universities and colleges in India.

This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users.

The researchers say they have a high level of confidence that a Pakistani web hosting services provider, "ZainHosting", was employed by the APT to deploy and operate parts of the Transparent Tribe infrastructure used in this campaign.

Threat Actor Profile

Transparent Tribe is a suspected Pakistan-linked threat actor. This group typically targets individuals and entities associated with governments and military personnel in the Indian subcontinent, specifically Afghanistan and India. Transparent Tribe has also been known to use their CrimsonRAT implant against human rights activists in Pakistan.

Sources: Cisco Talos | SentinelOne | Oodaloop | Infosecurity Magazine | The Record | Cybersecuritynews
