
Pakistan-based threat actors attacking IITs, Indian Army: Modus operandi, motive, and other details to know

Pakistan-based group Transparent Tribe has been conducting cyber attacks against the Indian Army and education sector. The group is believed to be attempting to obtain sensitive information via the malicious file ‘Revision of Officers posting policy’, which is disguised as a legitimate document.

The group is using a malicious file titled 'Revision of Officers posting policy' to lure the Indian Army into compromising their systems.

A new wave of cyber attacks against the Indian Army and the education sector organised by a Pakistan-based group has come to light. According to a report by Seqrite, the enterprise arm of Pune-based Quick Heal Technologies, the threat group is called Transparent Tribe. It has been targeting Indian military entities and educational institutions in the country, such as IITs and NITs. The group is believed to have originated in 2013. 

What is the aim of these attacks? The threat group aims to deceive unsuspecting victims into divulging sensitive information through this sophisticated tactic.

According to the researchers, the group is using a malicious file titled "Revision of Officers posting policy" to lure the Indian Army into compromising their systems. The file is disguised as a legitimate document, but it contains embedded malware designed to exploit vulnerabilities.

The cybersecurity researchers also observed an alarming increase in the targeting of the education sector. According to them, Transparent Tribe has been targeting India’s prestigious educational institutions such as the Indian Institutes of Technology (IITs), National Institutes of Technology (NITs), and business schools since May 2022. These attacks intensified in the first quarter of 2023, reaching their peak in February, the team notes.

"The subdivision of the Transparent Tribe, known as SideCopy, has also been identified targeting an Indian defence Organisation. Their modus operandi involves testing a domain hosting malicious file, potentially to serve as a phishing page," said the researchers.

The security team notes that the group, dubbed APT36, has cleverly utilised malicious PPAM files masquerading as "Officers posting policy revised final". For those unaware, a PPAM file is an add-in file used by Microsoft PowerPoint. "These files exploit macro-enabled PowerPoint add-ons (PPAM) to conceal archive files as OLE objects, effectively camouflaging the presence of malware," said the report.
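For mail-gateway or SOC triage, the structure the report describes (a macro-enabled add-in whose embedded OLE object hides an archive) can be checked statically. The sketch below is an added example, not code from Seqrite or this article; it assumes the conventional OOXML part names `ppt/embeddings/` and `vbaProject.bin`, uses a byte-signature heuristic, and runs on a harmless sample built inline.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file header
ARCHIVE_MAGICS = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar",
                  b"7z\xbc\xaf\x27\x1c": "7z"}

def triage_ppam(data: bytes) -> dict:
    """Statically inspect one attachment (raw bytes); nothing is executed."""
    out = {"is_ooxml": False, "has_vba": False, "ole_objects": [],
           "archives_in_ole": [], "suspicious": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return out  # not an OOXML container at all
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        out["is_ooxml"] = "[Content_Types].xml" in names
        for name in names:
            lower = name.lower()
            if lower.endswith("vbaproject.bin"):      # macro project part
                out["has_vba"] = True
            if lower.startswith("ppt/embeddings/"):   # embedded objects
                blob = z.read(name)
                if blob.startswith(OLE_MAGIC):
                    out["ole_objects"].append(name)
                # Heuristic: archive signature anywhere inside the object
                for magic, kind in ARCHIVE_MAGICS.items():
                    if magic in blob:
                        out["archives_in_ole"].append((name, kind))
    # Flag the combination the report describes: macros plus a hidden archive
    out["suspicious"] = out["has_vba"] and bool(out["archives_in_ole"])
    return out

def build_sample() -> bytes:
    """Constructed, harmless PPAM-shaped file used only to exercise the check."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("readme.txt", "constructed test data")
    ole_blob = OLE_MAGIC + b"\x00" * 504 + inner.getvalue()
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/vbaProject.bin", OLE_MAGIC + b"\x00" * 16)
        z.writestr("ppt/embeddings/oleObject1.bin", ole_blob)
    return outer.getvalue()

if __name__ == "__main__":
    print(triage_ppam(build_sample()))
```

A hit is a reason to quarantine and analyse the attachment, not proof of malice, since legitimate add-ins can also embed objects.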

In its report, Seqrite recommends preventive measures such as exercising caution while downloading files and opening email attachments from unsolicited or untrusted sources.

"Regularly update security software, operating systems, and applications to protect against known vulnerabilities. It is also important to implement robust email filtering and web security solutions to detect and block malicious content," the team advised.

Updated: 26 Jun 2023, 11:46 AM IST