Cybercriminals with suspected ties to Pakistan continue to rely on social engineering as a crucial component of its operations as part of an evolving espionage campaign against Indian targets, according to new research.
The attacks have been linked to a group called Transparent Tribe, also known as Operation C-Major, APT36, and Mythic Leopard, which has created fraudulent domains mimicking legitimate Indian military and defense organizations, and other fake domains posing as file-sharing sites to host malicious artifacts.
“While military and defense personnel continue to be the group’s primary targets, Transparent Tribe is increasingly targeting diplomatic entities, defense contractors, research organizations and conference attendees, indicating that the group is expanding its targeting,” researchers from Cisco Talos said on Thursday.
These domains are used to deliver maldocs distributing CrimsonRAT, and ObliqueRAT, with the group incorporating new phishing, lures such as resume documents, conference agendas, and defense and diplomatic themes into its operational toolkit. It’s worth noting that APT36 was previously linked to a malware campaign targeting organizations in South…