Transparent Tribe, an APT group, is now expanding its malware arsenal aiming Windows systems. The APT group has been active since 2013 and is known to target Indian military and defense personnel with CrimsonRAT. The group is now deploying ObliqueRAT.

Cisco Talos disclosed that the group is evolving several parts of its attack vector and making its lures more targeted. In early 2020, the group started using ObliqueRAT.

  • Researchers identified several malicious documents spreading the malware as part of Transparent Tribe campaigns.
  • These maldocs are believed to be sent as attachments via phishing emails.
  • The attackers took extra measures to ensure that their attack chain looks more legitimate by hosting the malicious payloads on compromised websites.
  • For initial compromise, the group uses fake domains impersonating genuine Indian military and defense organizations, along with malicious domains mimicking file-sharing and content-hosting websites.

Arsenal of Tools

  • The APT is heavily reliant on social engineering as a core attack method and is invested in making its operation look legitimate. 
  • Transparent Tribe primarily targets military/defense personnel, it has now started targeting defense contractors, diplomatic entities, conference attendees, and research organization.
  • This APT group has focused on diversifying its malware arsenal and infection tactics. It now uses ObliqueRAT, along with CrimsonRAT to steal various information.

Final Thoughts

Transparent Tribe is expected to continue targeting military and government entities for strategic and political advantages. This group is continuously evolving its social engineering techniques to target high-value victims. Organizations are recommended to stay vigilant and implement adequate security measures proactively.