Indian security researchers on Saturday said they have detected a new wave of cyber attacks orchestrated by a notorious Pakistan-based group against the Indian Army and the education sector.
Transparent Tribe, a persistent threat group that originated in 2013 in Pakistan, has been targeting Indian government and military entities, according to the report by Seqrite, the enterprise arm of Pune-based Quick Heal Technologies.
The Pakistan-based group (dubbed as APT36) is using a malicious file titled “Revision of Officers posting policy” to lure the Indian Army into compromising their systems.
The file is disguised as a legitimate document, but it contains embedded malware designed to exploit vulnerabilities, the team noted.
Furthermore, the cyber-security team has also observed an alarming increase in the targeting of the education sector by the same threat actor.
Since May 2022, Transparent Tribe has been focusing on infiltrating prestigious educational institutions such as the Indian Institutes of Technology (IITs), National Institutes of Technology (NITs), and business schools.
These attacks intensified in the first quarter of 2023, reaching their peak in February.
“The subdivision of the Transparent Tribe, known as SideCopy, has also been identified targeting an Indian defence Organisation. Their modus operandi involves testing a domain hosting malicious file, potentially to serve as a phishing page,” said the researchers.
This sophisticated tactic aims to deceive unsuspecting victims into divulging sensitive information.
APT36 has cleverly utilised malicious PPAM files masquerading as “Officers posting policy revised final”.
A PPAM file is an add-in file used by Microsoft PowerPoint.
“These files exploit macro-enabled PowerPoint add-ons (PPAM) to conceal archive files as OLE objects, effectively camouflaging the presence of malware,” said the report.
Seqrite recommended some preventive measures such as exercising caution while opening email attachments or downloading files, especially if they are unsolicited or from untrusted sources.
“Regularly update security software, operating systems, and applications to protect against known vulnerabilities. It is also important to implement robust email filtering and web security solutions to detect and block malicious content,” the team advised.
20230624-115203