On Saturday, Indian security researchers reported a fresh wave of cyber attacks by a known Pakistani threat group against India's military and education sectors.
According to a report by Seqrite, the enterprise division of Pune-based Quick Heal Technologies, the advanced persistent threat group Transparent Tribe has been targeting Indian government and military institutions since 2013.
The group, also tracked as APT36, is using a malicious file titled “Revision of Officers posting policy” to compromise Indian Army systems. The file is a PPAM, the macro-enabled add-in format used by Microsoft PowerPoint.
The researchers noted that the file is camouflaged as a legitimate document but carries malware; as with any macro-enabled Office add-in, the macro has to be allowed to run before the payload executes, which is why the lure is dressed up as a routine HR notice.
In addition, the team has observed an alarming increase in the same threat actor's targeting of the education sector.
Since May 2022, Transparent Tribe has focused on infiltrating prestigious educational institutions, including Indian Institutes of Technology (IITs), National Institutes of Technology (NITs), and business colleges.
During the first quarter of 2023 these attacks intensified, peaking in February.
SideCopy, a subgroup of Transparent Tribe, has also been seen targeting an Indian defence organisation. “Their modus operandi involves testing a domain that hosts a malicious file, potentially for use as a phishing page,” the researchers explained.
The aim of that setup is to trick unwary victims into handing over sensitive information.
APT36 has also used malicious PPAM files posing as “Officers posting policy revised final”.
The report stated, “These files utilize macro-enabled PowerPoint add-ons (PPAM) to conceal archive files as OLE objects, effectively disguising the presence of malware.” Because a PPAM is an Office Open XML zip container, the embedded objects sit under ppt/embeddings/ and the macro code in ppt/vbaProject.bin, so a suspicious attachment can be inspected without ever opening it in PowerPoint.
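As an added illustration of that triage step (not code from Seqrite's report or from the actors described), the following Python script unpacks a PPAM as a zip container, notes whether a VBA project is present, and sniffs each embedded OLE object for the magic bytes of an archive or executable. The sample PPAM it builds in memory is constructed for the demo and mimics only the relevant file layout; the member names, magic-byte table and the "wrapped payload" carving heuristic are the example's own assumptions, not anything the report documents.

```python
import io
import zipfile

# Magic bytes used to sniff what an embedded object really is (assumed table for this example).
MAGIC = {
    b"PK\x03\x04": "zip archive",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "OLE/CFB container",
    b"MZ": "PE executable",
    b"Rar!\x1a\x07": "RAR archive",
}

# Payload signatures worth carving for inside a CFB blob. CFB streams are stored
# uncompressed, so an archive wrapped as an Ole10Native object keeps its magic verbatim.
CARVE = {
    b"PK\x03\x04": "zip archive",
    b"Rar!\x1a\x07": "RAR archive",
    b"This program cannot be run in DOS mode": "PE executable",
}


def build_sample_ppam() -> bytes:
    """Constructed sample: a minimal PPAM-style container, NOT a real malicious file.

    Real PPAMs are zip archives; macro-enabled ones carry ppt/vbaProject.bin and
    embedded OLE objects under ppt/embeddings/. This stub only mimics that layout.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/presentation.xml", "<presentation/>")
        # VBA project storage is itself a CFB file; only the header matters here.
        z.writestr("ppt/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16)
        # "OLE object" that is really a bare zip archive.
        z.writestr("ppt/embeddings/oleObject1.bin", b"PK\x03\x04" + b"\x00" * 32)
        # CFB wrapper whose stream contains a zip archive (Ole10Native-style wrapping).
        z.writestr(
            "ppt/embeddings/oleObject2.bin",
            b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 64 + b"PK\x03\x04" + b"\x00" * 32,
        )
    return buf.getvalue()


def sniff(data: bytes) -> str:
    """Identify a blob by its leading magic bytes."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def classify_embedding(data: bytes) -> tuple[str, bool]:
    """Return (description, suspicious) for one embedded object."""
    kind = sniff(data)
    if kind in ("zip archive", "PE executable", "RAR archive"):
        return kind, True
    if kind == "OLE/CFB container":
        for magic, name in CARVE.items():
            if magic in data:
                return f"OLE/CFB container wrapping {name}", True
        return kind, False
    return kind, False


def triage_ppam(blob: bytes) -> dict:
    """Inspect a PPAM without opening it in PowerPoint.

    Returns has_vba (macro project present), a list of (member, description)
    for every embedded object, and an overall suspicious flag.
    """
    findings = {"has_vba": False, "embeddings": [], "suspicious": False}
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        for name in z.namelist():
            lower = name.lower()
            if lower.endswith("vbaproject.bin"):
                findings["has_vba"] = True
            if "/embeddings/" in lower:
                description, suspicious = classify_embedding(z.read(name))
                findings["embeddings"].append((name, description))
                findings["suspicious"] |= suspicious
    return findings


if __name__ == "__main__":
    for key, value in triage_ppam(build_sample_ppam()).items():
        print(key, value)
```

Point `triage_ppam` at the bytes of a quarantined attachment instead of the constructed sample. The carving step is a deliberate heuristic: a payload hidden inside a CFB stream is found by signature scanning rather than by parsing the CFB directory, so an unknown wrapper or an encrypted archive will come back as a plain "OLE/CFB container" and still deserves manual inspection.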
Seqrite advised caution when opening email attachments or downloading files, particularly when they are unsolicited or come from untrusted sources.
“Update security software, operating systems, and applications on a regular basis to protect against known vulnerabilities.” The team also advises robust email filtering and web security controls to detect and block malicious content. For lures like these, it is worth adding that current Office builds block macros in files carrying the mark of the web by default, so policy should stop users from unblocking downloaded attachments, and macro-enabled add-in formats such as PPAM can simply be quarantined at the mail gateway unless there is a business need for them.