May 28, 2024 at 11:33PM
A cyber-espionage group, Transparent Tribe, known for targeting government and defense sectors in India, has expanded its tactics to include targeting Linux systems using legitimate software techniques, including Google Drive and Telegram. Despite a history of targeting India, the group has also attacked the US, Europe, and Australia. They utilize cross-platform programming languages and legitimate tools to compromise victims.
The meeting notes describe the evolution of a cyber-espionage group, Transparent Tribe, which has expanded its targeting to include Linux systems as well as a wider variety of legitimate software techniques to bypass cybersecurity defenses. The group has historically targeted government agencies and defense firms in India, and while it has expanded its targeting to other regions, its primary focus remains India.
The group has leveraged multiple cross-platform programming languages such as Python, Golang, and Rust to create programs for both Windows and Linux. It has also used ELF binaries and desktop entry files to distribute malware and has incorporated legitimate services like Google Drive, Discord, and Telegram into its attack infrastructure.
Additionally, Transparent Tribe has used ISO images with PDF lures to deliver a Python-based Telegram bot that attempts to compromise targets using Windows portable executable (PE) files.
Overall, the group is considered to be successful in mixing up its tactics and has shown a capability to adapt and evolve its attack methods. Transparent Tribe’s use of legitimate tools and services as part of its attack infrastructure allows it to seemingly fly under the radar and hide in plain sight, making it a significant threat in the cybersecurity landscape.