Date: 2023-04-17

This is not the first time Transparent Tribe has targeted India, according to reports. Since 2022, cybersecurity research firms have observed Transparent Tribe campaigns targeting the country's military and education sectors.

Pakistan-aligned threat group Transparent Tribe has been targeting the Indian education sector, specifically students and research institutions, indicating that these threat actors are keeping a close watch on the research activities of other nations, Aleksandar Milenkoski, senior threat researcher at Sentinel Labs, told Moneycontrol.

A few days ago, US-based cybersecurity firm Sentinel Labs, which had earlier come out with reports alleging that malware and spyware were planted on activists implicated in the Bhima Koregaon case, published another report claiming that Transparent Tribe has been targeting the Indian education sector.

The report said the group has been distributing virus-laden documents by email, and if a recipient clicks on such a document, the Crimson RAT malware gets deployed. They use phishing emails and fake websites to lure in students and research institutions, Milenkoski said.

"If a user is lured into enabling macros or double-clicking an image in a malicious document distributed by Transparent Tribe, the document executes the Crimson RAT. This is the malware of choice for the adversary to establish long-term access to victim networks. Crimson RAT may masquerade as a system update process to make its execution look legitimate," Milenkoski said.

However, the senior threat researcher at the cybersecurity firm was unable to provide an accurate estimate of the number of Indians this campaign may have affected, and declined to comment on whether they have notified Indian law enforcement authorities about it.

Moneycontrol has reached out to the Indian Computer Emergency Response Team with specific queries regarding this threat campaign, and the article will be updated when a response is received.

"This (current campaign) aligns with previous reports indicating that keeping a close watch on the research activities of adversary nations, in addition to government and military entities, has become a strategic goal of Transparent Tribe. Monitoring research activities of adversary nations is important for espionage threat actors because it can provide valuable insights into a country's intellectual property and technological capabilities under development," he explained.

This is not the first time Transparent Tribe has targeted India, according to reports. Since 2022, cybersecurity research firms have observed Transparent Tribe campaigns targeting the country's military and education sectors. However, Milenkoski says that there's something different about Transparent Tribe's current campaign.

"A relevant change from previous Transparent Tribe campaigns is the introduction of OLE embedding as an alternative to Office macros for executing Crimson RAT on victim systems. This may enhance the effectiveness, that is, the likelihood of success, of the lure documents the group distributes for initial intrusion," he said.

"With this technique, users are not presented with the standard macro warning banner when opening a malicious document. They are lured instead into double-clicking a document element, which activates malicious code," he explained.
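Because an OLE-embedded lure does not raise the macro banner, a mail or file gateway can check for both carriers itself. The following triage sketch is an added example, not code from the article or from the Sentinel Labs report. It assumes the attachment is an OOXML (ZIP-based) Office file; the function names and the sample documents are constructed for illustration.

```python
import io
import zipfile

# Relationship type OOXML uses to link an embedded OLE object into a document part.
OLE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"

def triage_ooxml(data: bytes) -> dict:
    """List the active-content carriers found in an OOXML (.docx/.docm/...) file."""
    found = {"ooxml": False, "macros": [], "embedded": [], "ole_rels": 0}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return found  # legacy binary .doc or non-Office file: needs a different parser
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        found["ooxml"] = "[Content_Types].xml" in names
        for name in names:
            lower = name.lower()
            if lower.endswith("vbaproject.bin"):   # VBA project: user sees the macro banner
                found["macros"].append(name)
            elif "/embeddings/" in lower:          # embedded object: no macro banner shown
                found["embedded"].append(name)
            elif lower.endswith(".rels"):
                found["ole_rels"] += zf.read(name).decode("utf-8", "replace").count(OLE_REL)
    return found

def verdict(found: dict) -> str:
    """Reduce findings to a review label; a label is a reason to inspect, not proof of malice."""
    if not found["ooxml"]:
        return "not-ooxml"
    has_ole = bool(found["embedded"] or found["ole_rels"])
    if found["macros"]:
        return "macro+ole" if has_ole else "macro"
    return "ole-embedded" if has_ole else "no-active-content"

def build_sample(parts: dict) -> bytes:
    """Build a constructed, harmless OOXML-shaped ZIP in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        for name, body in parts.items():
            zf.writestr(name, body)
    return buf.getvalue()

RELS = f'<Relationships><Relationship Id="rId5" Type="{OLE_REL}" Target="embeddings/oleObject1.bin"/></Relationships>'
SAMPLES = {  # constructed placeholders, not real lure documents
    "plain.docx": build_sample({"word/document.xml": "<w:document/>"}),
    "macro.docm": build_sample({"word/vbaProject.bin": b"constructed"}),
    "ole.docx": build_sample({"word/embeddings/oleObject1.bin": b"constructed",
                              "word/_rels/document.xml.rels": RELS}),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, verdict(triage_ooxml(data)))
```

Embedded objects also occur in benign documents (charts, spreadsheets), so an `ole-embedded` label on an unsolicited attachment is a cue for sandboxing or analyst review rather than an automatic block.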