The Pakistan-based hacker group Transparent Tribe, also known as APT36, is attacking multiple education organizations in India.
- The group is using the Crimson RAT malware to compromise the targeted organizations.
- This malware has the functionality to:
  - exfiltrate files and system data to an actor-controlled server,
  - capture screenshots,
  - terminate running processes,
  - log keystrokes,
  - and steal browser credentials.
- The main way APT36 infects its victims in this campaign is by sending them malicious documents, which deploy their payloads when the user double-clicks the embedded object.
- To make the campaign more convincing, these documents usually state that the document content is locked and cannot be previewed.
- Once the user clicks the object, an embedded OLE package executes Crimson RAT, which is disguised as a harmless software update.
- Transparent Tribe is believed to be active since 2013.
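The lure described above relies on an OLE Packager object embedded in an Office document. The following added example, which is not from the original report or any vendor tool, shows how a defender can triage a .docx for such embeddings by inspecting the OOXML zip directly: embedded binaries under `word/embeddings/`, the `oleObject` relationship type, and `ProgID="Package"` in the document body. The sample document it builds is constructed in memory with placeholder bytes.

```python
import io
import re
import zipfile

# Relationship type Word uses to reference an embedded OLE object (fixed OOXML URI).
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")


def find_embedded_packages(docx_bytes: bytes) -> dict:
    """Report embedded OLE objects in a .docx and flag OLE Packager ("Package") objects.

    ProgID="Package" is the OLE Packager: it wraps an arbitrary file behind an icon
    that runs when double-clicked. Business documents rarely need it, so it is a
    strong triage signal rather than proof of malice.
    """
    report = {"embedded_parts": [], "ole_relationships": 0, "package_objects": 0}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        names = zf.namelist()
        # Embedded object binaries are stored under word/embeddings/.
        report["embedded_parts"] = sorted(n for n in names if n.startswith("word/embeddings/"))
        rels = "word/_rels/document.xml.rels"
        if rels in names:
            report["ole_relationships"] = zf.read(rels).decode("utf-8", "replace").count(OLE_REL_TYPE)
        if "word/document.xml" in names:
            xml = zf.read("word/document.xml").decode("utf-8", "replace")
            report["package_objects"] = len(re.findall(r'ProgID="Package"', xml))
    report["suspicious"] = report["package_objects"] > 0 and bool(report["embedded_parts"])
    return report


def build_sample_docx(with_package: bool) -> bytes:
    """Construct a minimal synthetic .docx in memory (constructed test data, not a real lure)."""
    ole = '<o:OLEObject Type="Embed" ProgID="Package" r:id="rId5"/>' if with_package else ""
    document_xml = (f'<w:document xmlns:w="w" xmlns:o="o" xmlns:r="r"><w:body><w:p>{ole}</w:p>'
                    '</w:body></w:document>')
    rels_xml = (f'<Relationships><Relationship Id="rId5" Type="{OLE_REL_TYPE}" '
                'Target="embeddings/oleObject1.bin"/></Relationships>') if with_package else "<Relationships/>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", document_xml)
        zf.writestr("word/_rels/document.xml.rels", rels_xml)
        if with_package:
            # Placeholder bytes stand in for the wrapped file; no real binary is embedded.
            zf.writestr("word/embeddings/oleObject1.bin", b"CONSTRUCTED-PLACEHOLDER")
    return buf.getvalue()


if __name__ == "__main__":
    print(find_embedded_packages(build_sample_docx(True)))   # suspicious: True
    print(find_embedded_packages(build_sample_docx(False)))  # suspicious: False
```

Run it against a real document by passing `open(path, "rb").read()` to `find_embedded_packages`; a `suspicious` result warrants detonation in a sandbox rather than opening on an endpoint.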