Why Pakistani Hackers Are Now Targeting IITs, NITs: All Details
According to the report by Seqrite, the enterprise arm of Pune-based Quick Heal Technologies, Transparent Tribe is a persistent threat group that is believed to have originated in Pakistan in 2013.

Security researchers in India recently raised concerns regarding the security of the Indian army and prominent educational institutions in the country, such as IITs and NITs. They have raised an alarm after uncovering a series of cyber attacks conducted by a notorious Pakistan-based hacker group known as Transparent Tribe.

According to the report by Seqrite, the enterprise arm of Pune-based Quick Heal Technologies, Transparent Tribe is a persistent threat group that is believed to have originated in Pakistan in 2013. The hacker group has been targeting Indian government and military entities, IANS reported.

The report suggests that the Pakistan-based hacker group, also called APT36, is using a malicious file titled “Revision of Officers posting policy” to lure the Indian Army into compromising their systems. The file is disguised as a legitimate document, but it contains embedded malware designed to exploit vulnerabilities, the team noted.

Additionally, the cybersecurity team has noticed a concerning rise in the targeting of the education sector by the same group of hackers.

Starting from May 2022, Transparent Tribe has been specifically targeting educational institutions, including the Indian Institutes of Technology (IITs), National Institutes of Technology (NITs), and business schools. These attacks intensified in the first quarter of 2023, reaching their peak in February.

According to the researchers, SideCopy, the subdivision of Transparent Tribe, has also been identified as targeting an Indian defense organisation. Their modus operandi involves testing a domain hosting malicious files, potentially to serve as a phishing page.

This sophisticated tactic aims to deceive unsuspecting victims into divulging sensitive information. The Pakistan-based hacker groups cleverly utilised malicious PPAM files masquerading as “Officers posting policy revised final”, the report said.

A PPAM file is an add-in file used by Microsoft PowerPoint. The malicious files use macro-enabled PowerPoint add-ins (PPAM) to conceal archive files as OLE objects, effectively camouflaging the presence of malware, the report added.
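A defender-side check for the PPAM technique described above, as an added example that is not from the Seqrite report: it opens an add-in as the ZIP package it is and flags a macro project alongside embedded OLE parts that carry archive signatures. The part paths (`ppt/vbaProject.bin`, `ppt/embeddings/`) follow the usual Office Open XML layout, the function names are hypothetical, and the sample package is constructed.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file header
ARCHIVE_MAGICS = {
    "zip": b"PK\x03\x04",
    "rar": b"Rar!\x1a\x07",
    "7z": b"7z\xbc\xaf\x27\x1c",
}

def triage_ppam(data: bytes) -> dict:
    """Flag a macro project and archive data hidden inside embedded OLE parts.

    This is a byte-signature scan, not a full OLE parser.
    """
    report = {"has_vba": False, "embedded": []}
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            lower = name.lower()
            if lower.endswith("vbaproject.bin"):
                report["has_vba"] = True
            elif lower.startswith("ppt/embeddings/"):
                blob = pkg.read(name)
                hits = sorted(k for k, m in ARCHIVE_MAGICS.items() if m in blob)
                report["embedded"].append(
                    {"part": name, "is_ole": blob.startswith(OLE_MAGIC), "archives": hits}
                )
    # Macros plus an archive tucked inside an OLE object is the pattern to escalate.
    report["suspicious"] = report["has_vba"] and any(
        e["archives"] for e in report["embedded"]
    )
    return report

def build_sample(with_archive: bool) -> bytes:
    """Constructed stand-in for an add-in package; holds no real macro or malware."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("readme.txt", "constructed test data")
    payload = OLE_MAGIC + b"\x00" * 64 + (inner.getvalue() if with_archive else b"")
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/vbaProject.bin", b"constructed placeholder")
        z.writestr("ppt/embeddings/oleObject1.bin", payload)
    return out.getvalue()

if __name__ == "__main__":
    print(triage_ppam(build_sample(True)))
```

A check like this belongs in the attachment-scanning stage of a mail gateway or in a triage queue; a hit is a reason to quarantine and inspect, not a verdict.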

The team advised taking regular security measures such as keeping security software, operating systems, and applications up to date to safeguard against known vulnerabilities. They also emphasized the importance of implementing strong email filtering and web security solutions to detect and prevent malicious content.
