What to Know About the Modus Operandi, Motive, and Other Details of Pakistan-based Threat Actors Targeting IITs and the Indian Army

A startling revelation has emerged regarding a Pakistan-based group called Transparent Tribe, which has been conducting cyber attacks on the Indian Army and the education sector. This group, believed to have originated in 2013, targets Indian military entities and prestigious educational institutions like IITs and NITs.

The primary aim of these cyber attacks is to deceive unsuspecting victims into disclosing sensitive information. Transparent Tribe uses a malicious file disguised as a legitimate document titled “Revision of Officers posting policy” to lure Indian Army personnel into opening it and compromising their systems. The file contains embedded malware that exploits vulnerabilities.

Cybersecurity researchers have also noticed a concerning increase in attacks on the education sector. Transparent Tribe has been targeting renowned Indian educational institutions, including Indian Institutes of Technology (IITs), National Institutes of Technology (NITs), and business schools since May 2022. These attacks reached their peak in February 2023.

The researchers identified a branch of Transparent Tribe called SideCopy that specifically targets an Indian defense organization. Their approach involves testing a domain hosting malicious files, potentially for phishing purposes.

The researchers from Seqrite, in their report, revealed that APT36, a group that is part of Transparent Tribe, uses malicious PPAM files disguised as “Officers posting policy revised final.” PPAM files are macro-enabled add-in files for Microsoft PowerPoint. The attackers abuse this format to hide archive files inside the document as OLE objects, masking the presence of the malware.
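As an added defender-side example (not code from the Seqrite report or this article), the following Python script statically inspects a PPAM package, which is an OOXML zip, for the combination the report describes: a VBA project plus embedded OLE objects that carry an archive signature. The sample package, its part names and the archive-signature check are constructed assumptions for illustration, a triage heuristic rather than a detection signature from the report.

```python
import io
import zipfile

CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 / Compound File header
ARCHIVE_MAGICS = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar", b"7z\xbc\xaf\x27\x1c": "7z"}


def build_sample_ppam(with_payload: bool) -> bytes:
    """Build a constructed, minimal PPAM-like OOXML package (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   '<Types><Override PartName="/ppt/presentation.xml" ContentType='
                   '"application/vnd.ms-powerpoint.addin.macroEnabled.main+xml"/></Types>')
        z.writestr("ppt/presentation.xml", "<p:presentation/>")
        if with_payload:
            # A VBA project stream plus an OLE object whose stream carries a zip signature
            z.writestr("ppt/vbaProject.bin", CFB_MAGIC + b"\x00" * 24)
            z.writestr("ppt/embeddings/oleObject1.bin",
                       CFB_MAGIC + b"\x00" * 504 + b"PK\x03\x04" + b"\x00" * 26)
    return buf.getvalue()


def triage_ppam(data: bytes) -> dict:
    """Static triage of a PPAM/OOXML package without opening it in Office."""
    r = {"macro_enabled": False, "vba_project": False,
         "embedded_objects": [], "embedded_archives": {}}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if "[Content_Types].xml" in names:
            ct = z.read("[Content_Types].xml").decode("utf-8", "replace")
            r["macro_enabled"] = "macroEnabled" in ct  # content type declares macros
        for name in names:
            low = name.lower()
            if low.endswith("vbaproject.bin"):  # VBA project part present
                r["vba_project"] = True
            if "/embeddings/" in low:  # embedded OLE objects live here
                r["embedded_objects"].append(name)
                blob = z.read(name)
                # Heuristic: an archive signature inside the OLE container
                for magic, kind in ARCHIVE_MAGICS.items():
                    if blob.startswith(CFB_MAGIC) and magic in blob:
                        r["embedded_archives"][name] = kind
    # Macros plus embedded objects is the combination the report describes
    r["suspicious"] = r["vba_project"] and bool(r["embedded_objects"])
    return r


if __name__ == "__main__":
    for flag in (False, True):
        print(triage_ppam(build_sample_ppam(flag)))
```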

Seqrite recommends several preventive measures in its report: exercise caution when downloading files or opening email attachments from unsolicited or untrusted sources; keep security software, operating systems, and applications updated to protect against known vulnerabilities; and implement robust email filtering and web security solutions to detect and block malicious content.