The Pakistan state-affiliated hacking group Transparent Tribe is targeting Indian educational institutes with links to the central government. According to a security study published on Wednesday, July 13 by Talos, Cisco’s security research division, the latest round of targeting uses Windows-based malware to infiltrate the servers and storage systems of Indian educational institutes.
The type of malware used in the attack is known as a Remote Access Trojan (RAT). Cyber attackers around the world embed RATs in a wide range of media, such as phishing emails, forged documents with embedded macros, and dubious websites, to trick users into downloading them. Once installed, a RAT opens a backdoor that lets attackers remotely access an organization’s files, which often include sensitive data.
According to Talos’ research, activity linked to Transparent Tribe’s infiltration of educational institutes dates back to December last year, and it was first discovered in May this year by Indian cyber security firm K7 Security Labs. Talos noted that targeting educational institutes is a first for Transparent Tribe, which typically targets individuals and groups directly or closely linked to the Indian government.
The firm suggested that the shift may be intended to gain access to high-level and restricted research programmes run by elite and government-affiliated educational institutes in India. “Keeping tabs on an adversary nation's research endeavors is a strategic goal adopted by many APT groups observed across the world,” the post said.
The move comes amid a clear uptick in cyber attacks across the world, including on India. Last month, a report by US-based cyber security firm Norton said that India faced over 18 million cyber attacks from around the world in the first three months of this year, amounting to over 200,000 attacks of various forms on every day of the first quarter.
Attackers are also hijacking unprotected and obsolete hardware in India, left connected within organizations’ infrastructures, to conduct distributed denial of service (DDoS) attacks around the world.