Transparent Tribe begins targeting education sector in latest campaign

Cisco Talos recently discovered an ongoing campaign conducted by the Transparent Tribe APT group against students at various educational institutions in India. This campaign was partially covered by another security firm, but our findings reveal more details regarding the adversary’s operations.

Typically, this APT group focuses on targeting government (government employees, military personnel) and pseudo-government entities (think tanks, conferences, etc.) using remote access trojans (RATs) such as CrimsonRAT and ObliqueRAT. However, in this new campaign dating back to December 2021, the adversary is targeting students of universities and colleges in India. This new campaign also suggests that the APT is actively expanding its network of victims to include civilian users.

We also assess with high confidence that a Pakistani web hosting services provider, “ZainHosting,” was employed by the APT for deploying and operating parts of Transparent Tribe’s infrastructure used in this campaign.

Source: Cisco Talos