Saturday , February 22 2025

Pakistan-Aligned Hackers Disrupt Indian Education Sector

The threat actor known as APT36 or Transparent Tribe has been observed targeting the education sector in India with malicious Office documents distributing Crimson RAT.

The group has been active since at least 2013, but according to a new advisory by SentinelOne, it is now shifting from attacking Indian military and government personnel targets to also disrupting educational institutions.

B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum

On February 19, 2025, the illegal marketplace B1ack's Stash released over 1 million unique stolen credit and debit card details...
Read More
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum

Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks

Cisco Talos reported that  Salt Typhoon, also known as FamousSparrow and GhostEmperor, has been spying on U.S. telecommunication providers using...
Read More
Cisco Confirms  Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks

AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets

A free tool is now available to scan public GitHub repositories for exposed AWS credentials. Security engineer Anmol Singh Yadav created...
Read More
AWS Key Hunter  Test this free automated tool to hunt for exposed AWS secrets

Check Point Flaw Used to Deploy ShadowPad and Ransomware

An unknown threat cluster has targeted European healthcare organizations, deploying PlugX and ShadowPad. In some cases, these intrusions resulted in...
Read More
Check Point Flaw Used to Deploy ShadowPad and Ransomware

CVE-2024-12284
Citrix Issues Security Update for NetScaler Console

Citrix has issued security updates for a serious vulnerability in the NetScaler Console and NetScaler Agent that could allow privilege...
Read More
CVE-2024-12284  Citrix Issues Security Update for NetScaler Console

CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries

The FBI and CISA reported on Wednesday that the ransomware group Ghost has been exploiting software and firmware vulnerabilities as...
Read More
CISA and FBI ALERT  Ghost ransomware to breach organizations in 70 countries

Hacker chains multiple vulns to attack Palo Alto Firewall

Palo Alto Networks has issued urgent warnings about threat actors to exploit vulnerabilities in PAN-OS, the operating system powering its...
Read More
Hacker chains multiple vulns to attack Palo Alto Firewall

150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

Indian government and educational websites, along with reputable financial brands, have experienced SEO poisoning, causing user traffic to be redirected...
Read More
150 Gov.t Portal affected  Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain

CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

The Cyber Threat Intelligence Unit of BGD e-GOV CIRT has found 600 vulnerable PRTG instances in Bangladesh, affected by the...
Read More
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh

Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru

Amazon Web Services (AWS) has been named in an FIR after a builder claimed damages to the tune of Rs...
Read More
Builder claims Rs 150 cr for data loss;  AWS faces FIR In Bengaluru

“Crimson RAT is a consistent staple in the group’s malware arsenal the adversary uses in its campaigns,” wrote senior threat researcher at SentinelLabs Aleksandar Milenkoski.

According to the technical write-up, the names and content of the lure documents, as well as the associated domains and the use of Crimson RAT, suggest that the recent activities observed by SentinelOne are part of a previously reported campaign by Transparent Tribe.

Read more on Transparent Tribe here: Officials Targeted with Romance Scams and Android Trojans

“The documents that Transparent Tribe distributes have education-themed content and names,” reads the advisory. “Based on known behavior of this group, we suspect that the documents have been distributed to targets as attachments to phishing emails.”

SentinelOne explained the team has observed several Crimson RAT .NET implementations with timestamps between July and September 2022.

“Crimson RAT variants implement different obfuscation techniques of varying intensities, for example, simple function name malformation and dynamic string resolution,” Milenkoski wrote.

Crimson RAT can exfiltrate system information, capture screenshots, start and stop processes, and enumerate files and drives.

“Transparent Tribe is a highly motivated and persistent threat actor that regularly updates its malware arsenal, operational playbook and targets,” SentinelOne warned.

Case in point, in these campaigns, APT36 adopted Microsoft’s Object Linking & Embedding (OLE) as a technique for staging malware from lure documents. They also used the Eazfuscator obfuscator to protect Crimson RAT implementations.

“Transparent Tribe’s constantly changing operational and targeting strategies require constant vigilance to mitigate the threat posed by the group,” Milenkoski concluded.

Meta took action against APT36 threat actors last year.

Check Also

Zuckerberg

Everything I Say Leaks,’ Zuckerberg Says in Leaked Meeting Audio

At an all-hands meeting at Meta on Thursday, Mark Zuckerberg did not mention the company’s …

Leave a Reply

Your email address will not be published. Required fields are marked *