Pakistani hackers target students in India with this malware, find out how to avoid it


Pakistani hackers allegedly attack Indian students with malware campaign. Here’s everything you need to know about it.

If you are an Indian student, beware of a new malware campaign allegedly run by a group of Pakistani origin. An Advanced Persistent Threat (APT) group known as Transparent Tribe has been linked to an ongoing phishing campaign that has been targeting students at educational institutions in India since December 2021.

“This new campaign also suggests that the APT is actively expanding its victim network to include civilian users,” Cisco Talos said in a report covered by The Hacker News. Transparent Tribe, also tracked as APT36, Operation C-Major, PROJECTM and Mythic Leopard, is believed to be of Pakistani origin. The group is known for hitting government ministries and enterprises in India and Afghanistan, typically with custom malware such as CrimsonRAT, ObliqueRAT and CapraRAT.

Pakistani hackers attack Indian students

“The latest targeting of the education sector may align with strategic nation-state espionage goals,” Cisco Talos researchers told The Hacker News. “APTs will frequently target individuals at universities and technical research organizations to establish long-term access to siphon data related to ongoing research projects.”

“This APT makes a substantial effort to trick its victims into infecting themselves,” the researchers said.

The malware has a modular architecture that lets the attackers remotely control the infected machine: steal browser credentials, log keystrokes, capture screenshots, and run arbitrary commands and scripts.

Additionally, some of the decoy documents were hosted on education-themed domains (e.g., “studentsportal[.]co”) that were registered in June 2021, with the infrastructure operated by a Pakistani web hosting provider called Zain Hosting. “The extent of Zain Hosting’s role in the Transparent Tribe organization is still unknown,” the researchers noted. “This is likely one of many third parties that Transparent Tribe employs to stage and/or deploy components of their operation.”
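A practical check for a campaign like this is to hunt proxy or web-filter logs for the decoy-document infrastructure. The Python script below is an added example, not code from the article or from Cisco Talos: it refangs the defanged indicator exactly as the article prints it (“studentsportal[.]co”), matches hosts and their subdomains against it, and additionally flags requests to domains that were registered shortly before the request, since the decoy domains were registered only months before the campaign began. The log format, the sample log lines, the exact registration day (the article says only June 2021) and the one-year “young domain” threshold are all constructed assumptions for the example; a real deployment would pull registration dates from WHOIS/RDAP and use the public suffix list instead of the naive two-label split used here.

```python
"""Hunt proxy logs for Transparent Tribe-style decoy-document domains.

Added example, not code from the article or from Cisco Talos.
"""
import re
from datetime import date, datetime

# Indicator as printed in the article, in defanged form.
DEFANGED_IOCS = ["studentsportal[.]co"]

# Constructed registration dates. The article only says "June 2021" for
# studentsportal[.]co; the day is an assumption for this example.
REGISTRATION_DATES = {
    "studentsportal.co": date(2021, 6, 1),
}

# Treat a domain registered within this many days of the request as suspicious.
YOUNG_DOMAIN_DAYS = 365

# Assumed log format: "<ISO timestamp> <client ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Constructed sample log lines. The last one is a deliberate non-match: the
# host merely contains the indicator string and must not trigger a hit.
SAMPLE_LOG = [
    "2021-12-14T09:12:03 10.20.30.41 GET http://studentsportal.co/admissions/Scholarship_Form.doc 200",
    "2021-12-14T09:13:10 10.20.30.41 GET https://docs.studentsportal.co/download/form.docx 200",
    "2021-12-14T09:15:44 10.20.30.52 GET https://www.example.edu/library/index.html 200",
    "2021-12-14T09:16:02 10.20.30.52 GET https://studentsportal.example/login 200",
]


def refang(indicator: str) -> str:
    """Turn a defanged indicator ("[.]", "hxxp") back into a matchable host name."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").strip().lower()


def domain_matches(host: str, ioc: str) -> bool:
    """True if host equals the indicator or is a subdomain of it (suffix match on a label boundary)."""
    host = host.lower().rstrip(".")
    return host == ioc or host.endswith("." + ioc)


def host_of(url: str):
    """Extract the host part of a URL, or None if it has no scheme."""
    m = re.match(r"^[a-z]+://([^/:]+)", url.lower())
    return m.group(1) if m else None


def hunt(log_lines, iocs=DEFANGED_IOCS, reg_dates=REGISTRATION_DATES, young_days=YOUNG_DOMAIN_DAYS):
    """Return a list of hits: requests to known decoy domains or to recently registered domains."""
    known = [refang(i) for i in iocs]
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        host = host_of(m["url"])
        if not host:
            continue
        reasons = []
        for ioc in known:
            if domain_matches(host, ioc):
                reasons.append(f"known decoy domain {ioc}")
        # Naive registrable-domain guess (last two labels); use the public suffix list in practice.
        registrable = ".".join(host.split(".")[-2:])
        registered = reg_dates.get(registrable)
        if registered is not None:
            seen = datetime.fromisoformat(m["ts"]).date()
            age = (seen - registered).days
            if 0 <= age <= young_days:
                reasons.append(f"domain registered {age} days before request")
        if reasons:
            hits.append({"client": m["client"], "host": host, "url": m["url"], "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit["client"], hit["host"], "|", "; ".join(hit["reasons"]))
```

Run against the constructed sample, the script flags the two requests to studentsportal.co and its docs subdomain (both on the indicator list and both registered 196 days before the request) and leaves the lookalike studentsportal.example alone, because the match is anchored on a label boundary rather than a substring.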

