Pakistan-based hackers are using these programming languages and messaging apps to target Indian websites

Pakistan-based threat group Transparent Tribe is reportedly targeting Indian government and military entities. According to a report published by the BlackBerry Research & Intelligence Team, these threat actors are using programming languages such as Python, Golang and Rust, as well as abusing popular web services such as Telegram, Discord, Slack and Google Drive. The research says that this cluster of activity spanned from late 2023 to April 2024 and is likely to continue.

Separate research by Seqrite, the enterprise arm of global cybersecurity solutions provider Quick Heal Technologies Limited, has discovered three distinct campaigns targeting the Indian government by another Pakistan-based APT group, SideCopy. The intensifying cyberattack campaigns come amidst the ongoing general elections.

Who is Transparent Tribe?
Transparent Tribe, otherwise known as APT36, ProjectM, Mythic Leopard or Earth Karkaddan, has been operational since 2013. It is a cyber surveillance threat group operating with a Pakistani nexus. The group has conducted cyber espionage operations against India’s education and defense sectors in the past.

Transparent Tribe primarily employs phishing emails as the preferred method of delivery for their payloads, utilizing either malicious ZIP archives or links.

What does the latest research unveil about the group’s activities?
In its investigations, the BlackBerry Research & Intelligence Team discovered that the threat group is deploying a range of malicious tools mirroring those used in previous campaigns, along with newer iterations.

The research also discovered a remote IP address, embedded within a spear-phishing email, that is associated with a Pakistan-based mobile data network operator. It also noted that a file served from the group’s infrastructure set the time zone (TZ) variable to “Asia/Karachi,” which corresponds to Pakistan Standard Time.

Alongside familiar tactics, Transparent Tribe has also introduced new iterations. In October 2023, they used ISO images as an attack vector. BlackBerry also discovered a new Golang-compiled “all-in-one” espionage tool used by the group, which has the capability to find and exfiltrate files with popular file extensions, take screenshots, upload and download files, and execute commands.




National Cyber Security