Pakistani hackers are targeting the country's government systems and websites: here is how they are 'infiltrating'

Ananya Shroff

New Delhi: Life has become impossible without the Internet. Without an internet connection, a mobile phone or laptop starts to feel like little more than a box. Cyber thugs are taking full advantage of our growing attachment to the Internet, and Pakistani hackers in particular are targeting the people of our country. One Pakistan-based group of hackers, known as Transparent Tribe, is targeting the Government of India and military institutions. According to a report published by the BlackBerry Research and Intelligence Team, these threat actors are using programming languages like Python, Golang and Rust, as well as misusing Telegram, Discord, Slack and Google Drive. The research says that these thugs targeted a large number of people between 2023 and April 2024. Separate research conducted by Seqrite, a branch of global cyber security solutions provider Quick Heal Technologies Limited, revealed three separate campaigns targeting the government by another Pakistan-based APT group, SideCopy.

How does Transparent Tribe work?

Transparent Tribe, also known as APT36, ProjectM, Mythic Leopard or Earth Karkaddan, has been active since 2013. It is a cyber surveillance group that operates from Pakistan. It has previously conducted cyber espionage campaigns against India's education and defense sectors. Transparent Tribe primarily uses phishing emails, preferably with zip archives or links.

The BlackBerry Research and Intelligence team found that the group was using the same tools it had used in previous campaigns, as well as new, updated versions of them. The research also revealed a remote IP address associated with a Pakistan-based mobile data network operator, hidden in a phishing email. In one of the files sent by the group, the time zone (TZ) variable was set to Asia/Karachi, which corresponds to Pakistan Standard Time.

Along with its well-known methods, Transparent Tribe is also adopting new ones. In October 2023, the group used ISO images as a method of attack. BlackBerry has also detected a new Golang-compiled all-in-one spying tool used by the group, which can search for and extract files with popular file extensions, take screenshots, upload and download files, and run commands.
