Pakistan-linked Hackers Deploy Python, Golang, and Rust Malware on Indian Targets


May 27, 2024 at 03:54AM

The Pakistan-based Transparent Tribe has been linked to new attacks targeting Indian government, defense, and aerospace sectors using cross-platform malware. The attacks, spanning from late 2023 to April 2024, used popular online services for spear-phishing campaigns. The group is known for cyber espionage operations and has experimented with new intrusion methods and various malware families. BlackBerry expects the attacks to persist.

According to the report, the Pakistan-based threat actor group known as Transparent Tribe has been linked to a series of attacks targeting Indian government, defense, and aerospace sectors. The attacks involve cross-platform malware written in Python, Golang, and Rust and have been ongoing from late 2023 to April 2024.

The technical report published by the BlackBerry Research and Intelligence Team highlighted that the spear-phishing campaign utilized popular online services such as Discord, Google Drive, Slack, and Telegram to target companies crucial to the Department of Defense Production (DDP) in Bengaluru, India. The targeted companies included Hindustan Aeronautics Limited (HAL), Bharat Electronics Limited (BEL), and BEML Limited.

The report also outlines the various aliases under which Transparent Tribe is tracked by the cybersecurity community, as well as its history of conducting cyber espionage operations in India and other countries. The group is known for using different malware families and continually evolving its tactics and toolkit to avoid detection.

Of particular concern is the group’s use of spear-phishing emails to deliver payloads, focusing on distributing ELF binaries due to the Indian government’s reliance on Linux-based operating systems. The infections were found to involve the deployment of various versions of GLOBSHELL and PYSHELLFOX to gather and exfiltrate data.

In addition, the report describes the use of ISO images to deploy Python-based remote access trojans and a Golang-compiled "all-in-one" program capable of espionage activities that receives its instructions over Discord.
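The two delivery vehicles the report associates with this campaign, standalone ELF binaries and ISO images carrying Python droppers, are both easy to recognise from raw bytes before a user opens them. The following triage helper is an added example written for this summary; it is not BlackBerry's tooling and not code from the report. It assumes attachments are available as byte strings (for instance from a mail-gateway hook) and constructs its own sample ISO-like blob, so it runs offline.

```python
"""Defensive attachment triage for Linux-focused lures (constructed example).

Recognises ELF binaries (magic 0x7f 'ELF') and ISO 9660 images ('CD001' in the
primary volume descriptor at sector 16), then scans the blob for embedded ELF
headers and Python shebang lines so the attachment can be flagged for review.
"""
import re

ELF_MAGIC = b"\x7fELF"
ISO_SECTOR = 2048
ISO_PVD_OFFSET = 16 * ISO_SECTOR   # sector 16 holds the primary volume descriptor
ISO_ID = b"CD001"                   # standard identifier at PVD byte offset 1
PY_SHEBANG = re.compile(rb"#!/[^\n]*\bpython[0-9.]*")


def is_iso9660(data: bytes) -> bool:
    """True if the blob carries an ISO 9660 primary volume descriptor."""
    return data[ISO_PVD_OFFSET + 1:ISO_PVD_OFFSET + 6] == ISO_ID


def find_elf_headers(data: bytes) -> list:
    """Return plausible ELF headers anywhere in the blob (offset, class, endianness).

    Scanning raw bytes avoids walking the ISO directory tree and still catches
    binaries stored in the image's data sectors.
    """
    hits = []
    idx = data.find(ELF_MAGIC)
    while idx != -1:
        ident = data[idx + 4:idx + 6]        # EI_CLASS, EI_DATA
        if len(ident) == 2 and ident[0] in (1, 2) and ident[1] in (1, 2):
            hits.append({
                "offset": idx,
                "class": "ELF64" if ident[0] == 2 else "ELF32",
                "endian": "little" if ident[1] == 1 else "big",
            })
        idx = data.find(ELF_MAGIC, idx + 1)
    return hits


def find_python_scripts(data: bytes) -> list:
    """Offsets of Python shebang lines such as '#!/usr/bin/env python3'."""
    return [m.start() for m in PY_SHEBANG.finditer(data)]


def triage(data: bytes) -> dict:
    """Classify an attachment and decide whether it deserves analyst review."""
    if data[:4] == ELF_MAGIC:
        container = "elf"
    elif is_iso9660(data):
        container = "iso9660"
    else:
        container = "other"
    elf = find_elf_headers(data)
    scripts = find_python_scripts(data)
    suspicious = container in ("elf", "iso9660") or bool(elf) or bool(scripts)
    return {"container": container, "elf": elf,
            "python_scripts": scripts, "suspicious": suspicious}


def build_sample_iso() -> bytes:
    """Constructed stand-in for a malicious ISO: a PVD, an ELF64 stub, a Python stub."""
    img = bytearray(20 * ISO_SECTOR)
    img[ISO_PVD_OFFSET:ISO_PVD_OFFSET + 7] = b"\x01" + ISO_ID + b"\x01"
    elf_stub = ELF_MAGIC + b"\x02\x01\x01"            # ELF64, little-endian, current version
    img[18 * ISO_SECTOR:18 * ISO_SECTOR + len(elf_stub)] = elf_stub
    py_stub = b"#!/usr/bin/env python3\nimport socket  # stub, does nothing\n"
    img[19 * ISO_SECTOR:19 * ISO_SECTOR + len(py_stub)] = py_stub
    return bytes(img)


if __name__ == "__main__":
    print(triage(build_sample_iso()))
```

On the constructed image the helper reports an `iso9660` container, one ELF64 header at offset 36864 (sector 18) and one Python shebang at offset 38912 (sector 19), so the attachment is flagged. A byte scan like this is a cheap first filter, not a replacement for detonating the file or mounting the image in a sandbox.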

Overall, the report provides a comprehensive overview of Transparent Tribe's tactics, techniques, and procedures, underscoring the group's persistent targeting of sectors vital to India's national security.

The BlackBerry Research and Intelligence Team is continuing to monitor the situation and advise on protective measures to mitigate these threats.
