Pakistan's Hackers Attack India's Education Sector

Uploaded on 2023-04-17 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

A suspected Pakistan-aligned threat group, known as APT36 or Transparent Tribe, has been observed targeting the education sector in India with malicious Office documents distributing Crimson RAT.

The group has been active since at least 2013, but according to an advisory notice by SentinelOne, it is now shifting from attacking Indian military and government personnel targets to also disrupting educational institutions in India.

According to the technical analysis by SentinelOne , the names and content of the lure documents, as well as the associated domains and the use of Crimson RAT, suggest that the recent activities observed are part of a concerted campaign by Transparent Tribe. “Crimson RAT is a consistent staple in the group’s malware arsenal the adversary uses in its campaigns,” wrote Sentinel's senior threat researcher, Aleksandar Milenkoski.

The threat intelligence experts at Cisco Talos recently discovered an ongoing campaign conducted by the Transparent Tribe APT group against students at various educational institutions in India and have found details regarding the adversary's operations. 

Typically, this APT group focuses on targeting government (government employees, military personnel) and pseudo-government entities (think tanks, conferences, etc.) using remote access trojans (RATs) such as CrimsonRAT and ObliqueRAT.  However, in this new campaign dating back to December 2021, the adversary is targeting students of universities and colleges in India.

This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users.

The resrearchers say they have a high level of confidence that a Pakistani web hosting services provider, "ZainHosting" was employed by the APT for deploying and operating parts of Transparent Tribe's infrastructure used in this campaign.

Threat Actor Profile  

Transparent Tribe is a suspected Pakistan-linked threat actor. This group typically targets individuals and entities associated with governments and military personnel in the Indian subcontinent, specifically Afghanistan and India. Transparent Tribe has also been known to use their CrimsonRAT implant against human rights activists in Pakistan.

Cisco Talos:     SentinelOneOodaloop:      Infosecurity Magazine:    The RecordCybersecuritynews

You Might Also Read: 

India's Health Systems Are A Top Target:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Highly Evasive Adaptive Threats & Advanced Persistent Threats
Social Media’s Impact On The War In Ukraine »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Security Innovation

Security Innovation

Security Innovation is a leader in software security assessments and application security training to top organizations worldwide.

National Response Centre for Cyber Crime (NR3C) - Pakistan

National Response Centre for Cyber Crime (NR3C) - Pakistan

National Response Centre for Cyber Crime (NR3C) is a law enforcement agency in Pakistan dedicated to fighting cyber crime.

Guardian360

Guardian360

The Guardian360 platform offers unrivalled insight into the security of your applications and IT infrastructure.

Fortress Information Security

Fortress Information Security

Fortress Information Security is one of the largest cyber security providers of supply chain risk management and vulnerability risk management in the US.

OISTE Foundation

OISTE Foundation

OISTE foundation allows users to control their digital identities using well-understood and secure algorithms that ensure the continued validity of an identity and its claims.

Hazy

Hazy

Hazy specialises in financial services, helping some of the world’s top banks and insurance companies reduce compliance risk.

Shevirah

Shevirah

Shevirah specializes in products for automated mobile and IoT device vulnerability assessment, penetration testing, and mobile security awareness training.

AVANTEC

AVANTEC

AVANTEC is the leading Swiss provider of IT security solutions in the areas of cloud, content, network and endpoint security.

Sec-Ops

Sec-Ops

Sec-Ops is a forward thinking cyber security company, formed by a group of security enthusiasts with years of experience and backgrounds in the technology and the government industries.

Canonic Security

Canonic Security

Canonic streamlines app review, continuously monitors apps, and reduces the risks involved in third-party access to your data.

Nitel

Nitel

Nitel is a leading next-generation technology services provider. We simplify the complex technology challenges of today’s enterprises to create seamless and integrated managed network solutions.

RSK Cyber Security

RSK Cyber Security

RSK Cyber Security are a leading cyber security services company that uses services, consulting, and product knowledge to lower security risk across the board.

Genix Cyber

Genix Cyber

Genix Cyber provides world-class cybersecurity services that protect systems, cloud applications, infrastructure, critical data, and networks from evolving cyber threats.

Netia

Netia

Netia is a Polish telecommunications company providing a range of business services including network solutions, communications, data centre and cloud, and cybersecurity.

Mitigata

Mitigata

Welcome to Mitigata, your premier partner in cybersecurity insurance, defence, compliance, and consultancy.

8kSec

8kSec

8kSec is a cybersecurity company specializing in training, consulting, and research.