Cybersecurity

Transparent Tribe Launches New Rat Attacks Against Indian...

2026-01-02 0 views admin
Transparent Tribe Launches New Rat Attacks Against Indian...

The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts.

"The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF document and embedded with full PDF content to evade user suspicion," CYFIRMA said in a technical report.

Transparent Tribe, also called APT36, is a hacking group that's known for mounting cyber espionage campaigns against Indian organizations. Assessed to be of Indian origin, the state-sponsored adversary has been active since at least 2013.

The threat actor boasts of an ever-evolving arsenal of RATs to realize its goals. Some of the trojans put to use by Transparent Tribe in recent years include CapraRAT, Crimson RAT, ElizaRAT, and DeskRAT.

The latest set of attacks began with a spear-phishing email containing a ZIP archive with a LNK file disguised as a PDF. Opening the file triggers the execution of a remote HTML Application (HTA) script using "mshta.exe" that decrypts and loads the final RAT payload directly in memory. In tandem, the HTA downloads and opens a decoy PDF document so as not to arouse users' suspicion.

"After decoding logic is established, the HTA leverages ActiveX objects, particularly WScript.Shell, to interact with the Windows environment," CYFIRMA noted. "This behavior demonstrates environment profiling and runtime manipulation, ensuring compatibility with the target system and increasing execution reliability techniques commonly observed in malware abusing 'mshta.exe.'"

A noteworthy aspect of the malware is its ability to adapt its persistence method based on the antivirus solutions installed on the infected machine -

The second HTA file includes a DLL named "iinneldc.dll" that functions as a fully-featured RAT, supporting remote system control, file management, data exfiltration, screenshot capture, clipboard manipulation, and process control.

"APT36 (Transparent Tribe) remains a highly persistent and strategically driven cyber-espionage threat, with a sustained focus on intelligence collection targeting Indian government entities, educational institutions, and other strategically relevant sectors," the cybersecurity company said.

In recent weeks, APT36 has also been linked to another campaign that leverages a malicious shortcut file disguised as

Source: The Hacker News

🏷️ Tags

cybersecuritysecurityhackmalwareattack

More from Cybersecurity

Over 10k Fortinet Firewalls Exposed To Actively Exploited 2fa Bypass

Over 10k Fortinet Firewalls Exposed To Actively Exploited 2fa Bypass

2026-01-02 0
Google Is Testing A New Image AI And It's Going To Be Its Fastest...

Google Is Testing A New Image AI And It's Going To Be Its Fastest...

2026-01-02 0
Trust Wallet Links $8.5 Million Crypto Theft To Shai-hulud Npm Attack

Trust Wallet Links $8.5 Million Crypto Theft To Shai-hulud Npm Attack

2026-01-02 0
Cybersecurity Predictions For 2026: Navigating The Future Of...

Cybersecurity Predictions For 2026: Navigating The Future Of...

2026-01-02 0

Trending

1

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

2025-10-27 • 189 views
2

CVE-2025-43939: Dell Unity OS Command Injection (High)

2025-10-30 • 148 views
3

Google disputes false claims of massive Gmail data breach

2025-10-30 • 130 views
4

Microsoft: DNS outage impacts Azure and Microsoft 365 services

2025-10-30 • 88 views
5

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting

2025-11-25 • 81 views