Analysis from Cisco Talos describes the latest threat campaign, named Transparent Tribe, from the Pakistan-based threat group APT36 (aka Mythic Leopard). The campaign has been active since June 2021, targeting Indian government and military entities with the goal of establishing long-term access for cyber espionage. Several delivery methods have been used for initial access, including fraudulent installers, archive files, and malicious documents. Malicious documents were the group's main infection method in June and July 2021, often using Covid-19 themes. Payloads associated with the attack include CrimsonRAT, a Python-based stager used for reconnaissance, and an additional .NET-based implant. A notable fraudulent installer used by APT36 impersonates Kavach, an effective lure because the tool is used by government personnel, who are thereby induced to download and execute the malicious MSI installer.


