Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

The advanced persistent threat (APT) actor known as Transparent Tribe has been observed targeting both Windows and BOSS (Bharat Operating System Solutions) Linux systems with malicious Desktop shortcut files in attacks targeting Indian Government entities. Transparent Tribe, also called APT36, is assessed to be of Pakistani origin, with the group – along with its sub-cluster SideCopy – having a storied history of breaking into Indian government institutions with a variety of remote access trojans (RATs). The latest dual-platform demonstrates the adversarial collective’s continued sophistication, allowing it to broaden its targeting footprint and ensure access to compromised environments. The use of typo-squatted domains combined with infrastructure hosted on Pakistan-based servers is consistent with the group’s established tactics, techniques, and procedures. The findings also follow the discovery of a separate campaign undertaken by a South Asian APT to strike Bangladesh, Nepal, Pakistan, Sri Lanka, and Turkey through spear-phishing emails that are engineered for credential theft using lookalike pages hosted on Netlify and Pages.dev.

To read the complete article see: The Hacker News