Info@NationalCyberSecurity

Pakistan-based hackers target Indian Army, IITs; chat apps used, dangerous file names and more



Gadgets Now Bureau
26 Jun, 2023, 07:32AM IST

Indian security researchers have issued a security alert for the Indian Army and some of the country’s top educational institutes, including IITs and NITs. Security researchers have detected a wave of cyber attacks orchestrated by a Pakistan-based hacker group called Transparent Tribe. A subdivision of Transparent Tribe, known as SideCopy, has also been identified targeting an Indian defence organisation. The hacking campaign recently came to light after a senior DRDO scientist was arrested for leaking sensitive information to Pakistani agents who had honey-trapped him. Here are the tools these hacker groups use, their modus operandi and more.

Why NITs, IITs also under attack

Since May 2022, Transparent Tribe has been focusing on hacking prestigious educational institutions such as the Indian Institutes of Technology (IITs), National Institutes of Technology (NITs), and some of the biggest business schools in the country. These attacks reportedly intensified in the first quarter of 2023. It is not clear why these institutes are being targeted, but it may be because some of them work closely with the Indian defence forces.

Use Linux malware

Hackers from Pakistan are also reportedly using Linux malware Poseidon to target Indian government agencies.

Hackers using these chat apps

Some reports claim that researchers uncovered a targeted cyber threat involving messaging apps BingeChat and Chatico distributing the GravityRAT trojan. GravityRAT is a remote access tool known to be used since at least 2015 and previously used in targeted attacks against India. BingeChat is distributed through a website advertising free messaging services. Notable in the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files. The malicious apps also provide legitimate chat functionality based on the open-source OMEMO Instant Messenger app.

What is the modus operandi of these Pakistan-based hackers

The Pakistan-based hacking group uses phishing email attachments and URLs as its infection vector, delivering malicious archive files. The group constantly changes its methods and techniques. Its tactics aim to deceive unsuspecting victims into divulging sensitive information. It primarily uses social engineering lures to target Indian Army officials and drop a wide range of malware.


Dangerous filenames detected

Security researchers detected dangerous filenames, including: DRDO-K4-Missile-Clean-room.zip; office.template.mac; office.template.ui; DRDO – K4 Missile Clean room.pptx.lnk; DUser.dll and test.bat.

IPs from Pakistan detected

Other cybersecurity companies, including Fortinet, said that they observed “communications sourced from 17 distinct IPs assigned to Pakistani mobile providers and four Proton VPN nodes,” noting inbound connections to the IP address from IP addresses assigned to Indian ISPs.

Virus hides in add-in files

A PPAM file is an add-in file used by Microsoft PowerPoint. “These files exploit macro-enabled PowerPoint add-ons (PPAM) to conceal archive files as OLE objects, effectively camouflaging the presence of malware,” said the report.
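As an added triage example (not from the report or the article), the script below applies the two indicators this piece describes: it flags document-looking filenames that end in a shortcut or script extension, as with the `.pptx.lnk` name listed above, and it opens a PPAM (an OOXML zip) to check whether an embedded object under `ppt/embeddings/` begins with an archive or OLE compound-file header. The filenames and the sample PPAM are constructed here for illustration.

```python
import io
import re
import zipfile

# Constructed names modelled on the article's list; not real samples.
SAMPLE_NAMES = [
    "DRDO-K4-Missile-Clean-room.zip",
    "DRDO - K4 Missile Clean room.pptx.lnk",
    "DUser.dll",
    "test.bat",
]

# A document extension immediately followed by a shortcut/script extension.
DOUBLE_EXT = re.compile(r"\.(docx?|xlsx?|pptx?|pdf)\.(lnk|exe|scr|bat|cmd|js|vbs)$", re.I)

# Header bytes that identify an archive, or an OLE compound file that may wrap one.
MAGIC = {
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole-compound",
}


def flag_filename(name: str) -> list[str]:
    """Return the reasons a filename looks like a lure; empty list if none."""
    reasons = []
    if DOUBLE_EXT.search(name):
        reasons.append("double extension")
    if name.lower().endswith((".lnk", ".bat", ".cmd", ".scr", ".vbs", ".js")):
        reasons.append("shortcut or script")
    return reasons


def build_sample_ppam(embedded: bytes) -> bytes:
    """Constructed stand-in for a PPAM: a minimal OOXML zip with one embedding."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/presentation.xml", "<presentation/>")
        z.writestr("ppt/embeddings/oleObject1.bin", embedded)
    return buf.getvalue()


def scan_ppam(data: bytes) -> list[tuple[str, str]]:
    """List (member, kind) for embedded objects whose header matches MAGIC."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for member in z.namelist():
            if not member.startswith("ppt/embeddings/"):
                continue
            head = z.read(member)[:8]
            hits.extend((member, kind) for magic, kind in MAGIC.items() if head.startswith(magic))
    return hits
```

An `ole-compound` hit only says an embedding is an OLE container; hand those to a deeper OLE parser rather than treating the match itself as a verdict.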

What is Pakistan hacking group Transparent Tribe

Transparent Tribe is a persistent threat group that originated in Pakistan in 2013. It has been targeting Indian government and military entities, according to the report by Seqrite, the enterprise arm of Pune-based Quick Heal Technologies. “The subdivision of the Transparent Tribe, known as SideCopy, has also been identified targeting an Indian defence organisation. Their modus operandi involves testing a domain hosting a malicious file, potentially to serve as a phishing page,” said the researchers.
