At a glance.
- Transparent Tribe expands its activity against India's education sector.
- A Lazarus sub-group is after defense sector targets.
- FBI's Denver office warns of the juicejacking threat.
- Legion: a Python-based credential harvester.
- Source of leaked US intelligence may be closer to identification.
- Canada says its natural gas infrastructure sustained no physical damage from Russian cyberattacks.
- Russian cyberattacks are expected to increase as the invasion of Ukraine stalls.
Transparent Tribe expands its activity against India's education sector.
This morning Sentinel Labs described recent activity by Transparent Tribe (APT36) that shows a close interest in India's education sector. The threat group, active since at least 2013, is believed to be based in Pakistan. Described as "not very sophisticated" but "highly persistent," Transparent Tribe has been running phishing campaigns baited with education-themed topics. The typical payload the attacks deploy is the Crimson RAT (remote access Trojan). Relatively unsophisticated as it might be, Transparent Tribe has updated and adapted its tactics, techniques, and procedures to include, Sentinel Labs says, "adoption of OLE embedding as a technique for staging malware from lure documents and the Eazfuscator obfuscator to protect Crimson RAT implementations." The campaign suggests that the threat actor's interest in the education sector is espionage-driven: the operators want to know about research being carried out at Indian universities.
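The OLE-embedding staging technique mentioned above leaves a visible trace inside OOXML lure documents: an `embeddings/` part plus an `oleObject` relationship. The following triage script is an added example, not Sentinel Labs' or the attacker's code; it assumes an OOXML (.docx/.xlsx/.pptx) input and builds its own harmless sample archive for testing.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 compound file header
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"


def find_embedded_ole(doc_bytes):
    """Scan an OOXML archive for embedded OLE objects worth a closer look.

    Returns one dict per part under an embeddings/ directory: its name,
    whether it carries the OLE2 compound-file header, its size, and whether
    an oleObject relationship in any .rels part points at it.
    """
    referenced = set()
    findings = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as z:
        names = z.namelist()
        for name in names:  # first pass: collect oleObject relationship targets
            if name.endswith(".rels"):
                root = ET.fromstring(z.read(name))
                for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                    if rel.get("Type") == OLE_REL:
                        referenced.add(rel.get("Target", "").split("/")[-1])
        for name in names:  # second pass: inspect the embedded parts themselves
            if "/embeddings/" in name:
                data = z.read(name)
                findings.append({
                    "part": name,
                    "ole2": data.startswith(OLE_MAGIC),
                    "size": len(data),
                    "referenced": name.split("/")[-1] in referenced,
                })
    return findings


def build_sample_docx(with_embedding):
    """Constructed sample: a minimal docx-like zip, optionally with a dummy OLE part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        rels = [f'<Relationships xmlns="{REL_NS}">']
        if with_embedding:
            rels.append(f'<Relationship Id="rId5" Type="{OLE_REL}" Target="embeddings/oleObject1.bin"/>')
            z.writestr("word/embeddings/oleObject1.bin", OLE_MAGIC + b"\x00" * 504)  # header + padding only
        rels.append("</Relationships>")
        z.writestr("word/_rels/document.xml.rels", "".join(rels))
    return buf.getvalue()
```

An embedded part that is an OLE2 container and is referenced from the document body is the pattern to route to sandbox analysis; a part present in the zip but referenced by no relationship is also suspicious, since Word would not have written it that way.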