11 matches found
Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets
The Pakistan-nexus Transparent Tribe actor has been linked to a new set of attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware written in Python, Golang, and Rust. "This cluster of activity spanned from late 2023 to April 2024 and is anticipated to...
Transparent Tribe begins targeting education sector in latest campaign
Cisco Talos has been tracking a new malicious campaign operated by the Transparent Tribe APT group. This campaign involves the targeting of educational institutions and students in the Indian subcontinent, a deviation from the adversary's typical focus on government entities. The attacks result i...
New CapraRAT Android Malware Targets Indian Government and Military Personnel
A politically motivated advanced persistent threat APT group has expanded its malware arsenal to include a new remote access trojan RAT in its espionage attacks aimed at Indian military and diplomatic entities. Called CapraRAT by Trend Micro, the implant is an Android RAT that exhibits a high...
Pakistan-Linked Hackers Added New Windows Malware to Its Arsenal
Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of its operations as part of an evolving espionage campaign against Indian targets, according to new research. The attacks have been linked to a group called Transparent Tribe, also known ...
Talos Takes Ep. #48: The complete history of ObliqueRAT
By Jon Munshaw. The latest episode of Talos Takes is available now. Download this episode and subscribe to Talos Takes using the buttons below, or visit the Talos Takes page. After researching and writing about ObliqueRAT for several months now, Asheer Malhotra joins Talos Takes for... This is on...
Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection
Cybercriminals are now deploying remote access Trojans RATs under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly. New research released by Cisco Tal...
Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection
Cybercriminals are now deploying remote access Trojans RATs under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly. New research released by Cisco Tal...
Compromised Website Images Camouflage ObliqueRAT Malware
The ObliqueRAT malware is now cloaking its payloads as seemingly-innocent image files that are hidden on compromised websites. The remote access trojan RAT, which has been operating since 2019, spreads via emails, which have malicious Microsoft Office documents attached. Previously, payloads were...
ObliqueRAT returns with new campaign using hijacked websites
By Asheer Malhotra. Cisco Talos has observed another malware campaign that utilizes malicious Microsoft Office documents maldocs to spread the remote access trojan RAT ObliqueRAT. This campaign targets organizations in South Asia.ObliqueRAT has been linked to the Transparent Tribe APT group in th...
Transparent Tribe: Evolution analysis, part 2
Background + Key findings Transparent Tribe, also known as PROJECTM or MYTHIC LEOPARD, is a highly prolific group whose activities can be traced as far back as 2013. In the last four years, this APT group has never taken time off. They continue to hit their targets, which typically are Indian...
ObliqueRAT: New RAT hits victims' endpoints via malicious documents
By Asheer Malhotra. Cisco Talos has observed a malware campaign that utilizes malicious Microsoft Office documents maldocs to spread a remote access trojan RAT we're calling "ObliqueRAT." These maldocs use malicious macros to deliver the second stage RAT payload. This campaign appears to target...