Transparent Tribe APT actively lures Indian Army amidst increased targeting of Educational Institutions
02 May 2023

Written by Sathwik Ram Prakki
APT, Malware
Estimated reading time: 2 minutes

Overview

Transparent Tribe (APT36) is luring Indian Army personnel into opening a malicious file themed ‘Revision of Officers posting policy.’ Quick Heal’s APT Team has been tracking this persistent threat group continuously and has encountered a new attack campaign targeting India.

At the same time, we have also observed increased targeting of the education sector by the same threat actor, continuing the targeting of IITs seen since last year.

Furthermore, SideCopy, a sub-group of Transparent Tribe, was recently observed targeting an Indian defence organisation; the domain hosting the malicious files appeared to still be under test for use as a phishing page.

Key Findings

  • APT36 is targeting the Indian Army with malicious PPAM files themed ‘Officers posting policy reviseed final’ (the misspelling is the lure’s own).
  • These macro-enabled PowerPoint add-in files (PPAM) are used to wrap malicious payloads: archive files are embedded in the document as OLE objects and extracted by the macro.
  • The infection chain ends in the execution of a .NET-based Crimson RAT payload that establishes persistence and can receive and execute 22 commands from its C2.
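Because a PPAM is an OOXML package (a ZIP archive), the macro-plus-embedded-archive combination described above can be triaged offline without opening the file in PowerPoint. The following is an added example, not Seqrite’s tooling or the report’s indicators: it unpacks the PPAM, checks for a VBA project and for OLE objects under ppt/embeddings/, and scans each embedded object for archive signatures. The file-path layout and magic bytes are assumptions based on the OOXML and OLE formats, and the sample PPAM is constructed in code.

```python
"""Triage a PowerPoint add-in (.ppam) for the macro + embedded-archive pattern.

Added example, not code from the original report. A PPAM is an OOXML package:
a ZIP whose ppt/vbaProject.bin holds the VBA macros and whose
ppt/embeddings/*.bin entries hold OLE objects. The paths and magic bytes below
are assumptions drawn from the OOXML/OLE formats, not indicators from the page.
"""
import io
import zipfile

# Archive signatures that a dropped payload container would carry.
ARCHIVE_MAGIC = {
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
}
# Header of an OLE Compound File Binary (CFB) container, used for embedded objects.
OLE_CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def find_archive_magic(blob: bytes) -> list:
    """Return the archive types whose signatures appear anywhere in blob."""
    return sorted({name for magic, name in ARCHIVE_MAGIC.items() if magic in blob})


def triage_ppam(data: bytes) -> dict:
    """Summarise macro and embedded-object indicators for a PPAM given as bytes."""
    result = {"is_ooxml": False, "has_vba": False, "embeddings": {}, "suspicious": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return result  # not an OOXML package at all
    with zf:
        names = zf.namelist()
        result["is_ooxml"] = "[Content_Types].xml" in names
        result["has_vba"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        for n in names:
            if n.startswith("ppt/embeddings/"):
                blob = zf.read(n)
                result["embeddings"][n] = {
                    "is_ole": blob.startswith(OLE_CFB_MAGIC),
                    "archives": find_archive_magic(blob),
                }
    # Macros plus an OLE object that wraps an archive is the pattern worth escalating.
    result["suspicious"] = result["has_vba"] and any(
        e["archives"] for e in result["embeddings"].values()
    )
    return result


def build_sample_ppam() -> bytes:
    """Construct a synthetic PPAM (constructed test data, not a real lure).

    It carries a stub vbaProject.bin and one OLE object whose Ole10Native
    stream holds a ZIP containing a fake executable.
    """
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("payload.exe", b"MZ\x90\x00 not a real binary")
    ole_blob = OLE_CFB_MAGIC + b"\x00" * 64 + b"\x01Ole10Native\x00" + inner.getvalue()

    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/vbaProject.bin", OLE_CFB_MAGIC + b"\x00" * 32)
        z.writestr("ppt/embeddings/oleObject1.bin", ole_blob)
    return out.getvalue()


if __name__ == "__main__":
    print(triage_ppam(build_sample_ppam()))
```

On a real sample, run triage_ppam over the file bytes; a hit on both has_vba and an archive signature inside an embedded object is the cue to extract the OLE stream and analyse the dropped archive, rather than proof of maliciousness on its own.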

Overview of Attack Chain

  • The TLS certificate on the C2 server used in this campaign carries the same Common Name that is usually found across this threat group’s C2 infrastructure, which makes it a useful pivot for hunting related servers.
  • Targeting has widened from IITs to NITs and business schools; we observed increased education-sector targeting in the first quarter of 2023, peaking in February.

Summary

Transparent Tribe is a Pakistan-based threat group active since 2013. It is a persistent actor targeting Indian government and military entities, and it keeps reusing payloads such as Crimson RAT and Capra RAT in its campaigns while continually upgrading them.

Since May 2022, Transparent Tribe has also been targeting the education sector, and that activity surged in 2023. An in-depth analysis of the latest infection chain targeting the Indian Army and details of the education-sector targeting can be found in our whitepaper.
