Why Pakistani Hackers Are Now Targeting IITs, NITs: All The Details – News18

Transparent Tribe specifically targeting educational institutions

Transparent Tribe is a persistent threat group believed to have originated in Pakistan in 2013, reports Seqrite, the venture arm of Pune-based Quick Heal Technologies.

Security researchers in India have recently raised concerns about the security of the Indian Army and the country’s premier educational institutions, such as the IITs and NITs. They have raised the alarm after revealing a series of cyber attacks carried out by the notorious Pakistan-based hacker group known as Transparent Tribe.

According to the report from Seqrite, the venture arm of Pune-based Quick Heal Technologies, Transparent Tribe is a persistent threat group believed to have originated in Pakistan in 2013. The hacker group is targeting Indian government and military establishments, IANS reported.

The report suggests that the Pakistan-based hacker group, also known as APT36, is using a malicious file named “Amendment of Officers’ Posting Policy” to lure Indian Army personnel into compromising their systems. The file is disguised as a legitimate document but contains embedded malware designed to exploit vulnerabilities, the team noted.

Additionally, the cyber security team has observed a worrying increase in the targeting of the education sector by the same group of hackers.

Since May 2022, Transparent Tribe has been specifically targeting educational institutions, including the Indian Institutes of Technology (IITs), National Institutes of Technology (NITs) and business schools. These attacks intensified in the first quarter of 2023 and reached their peak in February.

According to the researchers, a subdivision of Transparent Tribe, known as SideCopy, has also been identified as targeting an Indian defense organization. Its modus operandi involves probing domains that could host malicious files and serve as phishing pages.

The purpose of this sophisticated tactic is to trick unsuspecting victims into revealing sensitive information. The report said that Pakistan-based hacker groups cleverly used malicious PPAM files that masqueraded as “Official Posting Policy Revised Final”.

A PPAM file is an add-in file used by Microsoft PowerPoint. The report states that these files use macro-enabled PowerPoint add-ins (PPAM) to disguise stored files as OLE objects, effectively hiding the presence of malware.
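For mail or endpoint triage, the combination described above (macro code plus an embedded OLE container) can be checked statically without opening the file in PowerPoint. The following sketch is an added example, not code from the Seqrite report; the part names follow the usual OOXML package layout and are assumptions, and the sample file is constructed in memory.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file header
ZIP_MAGIC = b"PK\x03\x04"                      # local file header of a ZIP archive
MAX_SCAN = 1 << 20                             # read at most 1 MiB per part

def triage_ppam(data: bytes) -> dict:
    """Statically list macro parts and embedded OLE containers in an OOXML add-in."""
    findings = {"is_ooxml": False, "vba_parts": [], "ole_parts": [],
                "nested_archives": [], "suspicious": False}
    if not data.startswith(ZIP_MAGIC):
        return findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with zf:
        names = zf.namelist()
        findings["is_ooxml"] = "[Content_Types].xml" in names
        for name in names:
            if name.endswith("/"):
                continue  # directory entry, nothing to scan
            with zf.open(name) as fh:
                blob = fh.read(MAX_SCAN)
            if name.lower().endswith("vbaproject.bin"):
                findings["vba_parts"].append(name)       # macro storage
            elif blob.startswith(OLE_MAGIC):
                findings["ole_parts"].append(name)       # embedded OLE object
                if ZIP_MAGIC in blob:                    # heuristic: archive inside OLE
                    findings["nested_archives"].append(name)
    # Macro code together with an embedded OLE container warrants manual review.
    findings["suspicious"] = bool(findings["vba_parts"] and findings["ole_parts"])
    return findings

def build_sample() -> bytes:
    """Constructed sample: macro part plus an OLE blob wrapping a ZIP header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/vbaProject.bin", OLE_MAGIC + b"\x00" * 32)
        zf.writestr("ppt/embeddings/oleObject1.bin",
                    OLE_MAGIC + b"\x00" * 64 + ZIP_MAGIC + b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage_ppam(build_sample()))
```

A hit here is a reason to quarantine the attachment and inspect it further, not a verdict: legitimate add-ins can also carry macros and embedded objects.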

The team recommended taking regular security measures such as keeping security software, operating systems and applications updated to protect against known vulnerabilities. It also stressed the importance of implementing robust email filtering and web security solutions to detect and block malicious content.