A Pakistani threat group identified as Transparent Tribe has emerged as a significant concern, as it is reportedly targeting many Indian institutions, including government and military entities.
According to BlackBerry's Research & Intelligence team, the group uses various programming languages such as Python, Golang and Rust, and also makes use of web services like Telegram, Discord, Slack and Google Drive.
The report also revealed that these activities took place from late 2023 to April 2024 and will most likely continue.
Transparent Tribe mainly uses phishing emails as the common mode of delivery for its payloads, making use of ZIP archives or links.
BlackBerry later discovered a remote IP address, embedded within a spear-phishing email, that belonged to a Pakistan-based mobile data network operator.
Besides these known tactics, the group has also introduced new additions.
Earlier, in October 2023, they used ISO images as a newer mode of attack. As stated by BlackBerry, the new Golang addition now comes with “all-in-one” espionage tools, capable of finding and exfiltrating files with popular file extensions, taking screenshots, issuing commands, and uploading and downloading files.
Brief Introduction of Transparent Tribe
Also known by other names like APT36, ProjectM, Mythic Leopard or Earth Karkaddan, this cyber surveillance threat group has been operating with a Pakistani nexus since 2013.
For many years, this group has been conducting espionage operations against various Indian institutions, especially in the education and defense sectors.
In addition to Transparent Tribe, another Pakistani APT group known as SideCopy has also escalated its cyberattack strategies targeting Indian sectors.