RSS
Логотип
Баннер в шапке 1
Баннер в шапке 2

Transparent Tribe (hacker group)

Company

Content

History

2022: Attack by India's civil servants with paid Google ads

On November 4, 2022, it became known that the Transparent Tribe cyber group was associated with a new campaign aimed at Indian government organizations. Hackers distributed Trojan versions of Kavach two-factor authentication software.

File:Aquote1.png
This group uses Google ads for malicious advertising to distribute hacked versions of Kavach Multi-Authentication Applications (MFA), Zscaler ThreatLabz researcher Sudeep Singh said in a published analysis.
File:Aquote2.png

Hackers attack Indian civil servants

The cybersecurity company said that this group of advanced hackers also carried out small-scale credential collection attacks in which fraudulent websites masquerading as official Indian government portals were created in order to lure careless users and force them to enter their data.

Transparent Tribe, also known by the pseudonyms APT36, Operation C-Major and Mythic Leopard, is an alleged Pakistani malefactors' organization that has a track record of targeting Indian and Afghan organizations.

Kavach (meaning "armor" in Hindi) is a mandatory application that is required by users with email addresses on the @ gov.in and @ nic.in domains to log into the mail service as the second level of authentication.

File:Aquote1.png
The group of attackers registered several new domains that hosted web pages masquerading as the official portal for downloading the Kavach application, Singh said. They used Google Ads' paid search feature to bring malicious domains to the top of Google search results for users in India.
File:Aquote2.png

Transparent Tribe has also reportedly distributed blocked versions of the Kavach app through attacker-controlled app stores since May 2022, which claimed to offer free software downloads.

The site also popped up as a top result in Google searches, effectively acting as a gateway to redirect app-seeking users to a fraudulent.NET-based installer.[1]

Notes

Шаблон:Remarks