Transparent Tribe | Breaking Cybersecurity News | The Hacker News

SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities

Nov 07, 2023 Vulnerability / Malware
The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and DRat. Enterprise security firm SEQRITE described the campaign as multi-platform, with the attacks also designed to infiltrate Linux systems with a compatible version of Ares RAT. SideCopy, active since at least 2019, is known for its attacks on Indian and Afghanistan entities. It's suspected to be a sub-group of the Transparent Tribe (aka APT36) actor. "Both SideCopy and APT36 share infrastructure and code to aggressively target India," SEQRITE researcher Sathwik Ram Prakki said in a Monday report. Earlier this May, the group was linked to a phishing campaign that took advantage of lures related to India's Defence Research and Development Organization (DRDO) to deliver information-stealing malware. Since
Transparent Tribe Uses Fake YouTube Android Apps to Spread CapraRAT Malware

Sep 19, 2023 Mobile Security / Malware
The suspected Pakistan-linked threat actor known as Transparent Tribe is using malicious Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT), demonstrating the continued evolution of the activity. "CapraRAT is a highly invasive tool that gives the attacker control over much of the data on the Android devices that it infects," SentinelOne security researcher Alex Delamotte said in a Monday analysis. Transparent Tribe, also known as APT36, is known to target Indian entities for intelligence-gathering purposes, relying on an arsenal of tools capable of infiltrating Windows, Linux, and Android systems. A crucial component of its toolset is CapraRAT, which has been propagated in the form of trojanized secure messaging and calling apps branded as MeetsApp and MeetUp. These weaponized apps are distributed using social engineering lures. The latest set of Android package (APK) files discovered by SentinelOne are engineered to mas
Cybersecurity Tactics FinServ Institutions Can Bank On in 2024

Feb 14, 2024 Financial Security / Cyber Threats
The landscape of cybersecurity in financial services is undergoing a rapid transformation. Cybercriminals are exploiting advanced technologies and methodologies, making traditional security measures obsolete. The challenges are compounded for community banks that must safeguard sensitive financial data against the same level of sophisticated threats as larger institutions, but often with more limited resources.
The FinServ Threat Landscape
Recent trends show an alarming increase in sophisticated cyber-attacks. Cybercriminals now deploy advanced techniques like deep fake technology and AI-powered attacks, making it increasingly difficult for banks to differentiate between legitimate and malicious activities. These developments necessitate a shift towards more sophisticated and adaptive cybersecurity measures. Take these industry statistics, for example. Financial firms report 703 cyberattack attempts per week. On average, 270 attacks (entailing unauthorized access of data, appl
Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions

Apr 13, 2023 Malware / Cyber Attack
The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in intrusions directed against the Indian education sector to deploy a continuously maintained piece of malware called Crimson RAT. While the suspected Pakistan-based threat group is known to target military and government entities in the country, the activities have since expanded to include the education vertical. The hacking group, also called APT36, Operation C-Major, PROJECTM, and Mythic Leopard, has been active as far back as 2013. Educational institutions have been at the receiving end of the adversary's attacks since late 2021. "Crimson RAT is a consistent staple in the group's malware arsenal the adversary uses in its campaigns," SentinelOne researcher Aleksandar Milenkoski said in a report shared with The Hacker News. The .NET malware has the functionality to exfiltrate files and system data to an actor-controlled server. It's also bui
Transparent Tribe Hackers Distribute CapraRAT via Trojanized Messaging Apps

Mar 07, 2023 Spyware / Cyber Espionage
A suspected Pakistan-aligned advanced persistent threat (APT) group known as Transparent Tribe has been linked to an ongoing cyber espionage campaign targeting Indian and Pakistani Android users with a backdoor called CapraRAT. "Transparent Tribe distributed the Android CapraRAT backdoor via trojanized secure messaging and calling apps branded as MeetsApp and MeetUp," ESET said in a report shared with The Hacker News. As many as 150 victims, likely with military or political leanings, are estimated to have been targeted, with the malware (APK package name "com.meetup.chat") available to download from fake websites that masquerade as the official distribution centers of these apps. It's being suspected that the targets are lured through a honeytrap romance scam wherein the threat actor approaches the victims via another platform and persuades them to install the malware-laced apps under the pretext of "secure" messaging and calling. Howeve
Researchers Detail New Malware Campaign Targeting Indian Government Employees

Nov 04, 2022
The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach. "This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions of Kavach multi-authentication (MFA) applications," Zscaler ThreatLabz researcher Sudeep Singh said in a Thursday analysis. The cybersecurity company said the advanced persistent threat group has also conducted low-volume credential harvesting attacks in which rogue websites masquerading as official Indian government portals were set up to lure unwitting users into entering their passwords. Transparent Tribe, also known by the monikers APT36, Operation C-Major, and Mythic Leopard, is a suspected Pakistan adversarial collective that has a history of striking Indian and Afghanistan entities. The latest attack chain is not the first time the threat actor has set its sights o
Pakistani Hackers Targeting Indian Students in Latest Malware Campaign

Jul 14, 2022
The advanced persistent threat (APT) group known as Transparent Tribe has been attributed to a new ongoing phishing campaign targeting students at various educational institutions in India at least since December 2021. "This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users," Cisco Talos said in a report shared with The Hacker News. Also tracked under the monikers APT36, Operation C-Major, PROJECTM, Mythic Leopard, the Transparent Tribe actor is suspected to be of Pakistani origin and is known to strike government entities and think tanks in India and Afghanistan with custom malware such as CrimsonRAT, ObliqueRAT, and CapraRAT. But the targeting of educational institutions and students, first observed by India-based K7 Labs in May 2022, indicates a deviation from the adversary's typical focus. "The latest targeting of the educational sector may align with the strategic goals of espionage of the
New Hacking Campaign by Transparent Tribe Hackers Targeting Indian Officials

Mar 29, 2022
A threat actor of likely Pakistani origin has been attributed to yet another campaign designed to backdoor targets of interest with a Windows-based remote access trojan named CrimsonRAT since at least June 2021. "Transparent Tribe has been a highly active APT group in the Indian subcontinent," Cisco Talos researchers said in an analysis shared with The Hacker News. "Their primary targets have been government and military personnel in Afghanistan and India. This campaign furthers this targeting and their central goal of establishing long term access for espionage." Last month, the advanced persistent threat expanded its malware toolset to compromise Android devices with a backdoor named CapraRAT that exhibits a high "degree of crossover" with CrimsonRAT. The latest set of attacks detailed by Cisco Talos involves making use of fake domains that mimic legitimate government and related organizations to deliver the malicious payloads, including a Pytho