A high-profile cyberespionage group linked to Pakistan, Transparent Tribe, has come under the scanner of India’s security establishment for allegedly trying to attack military and government personnel in an attempt to obtain personal data. The group has been active since 2013-14, but it recently expanded its Windows malware arsenal, following which alarm bells were sounded, said officials.
The group recently tried to garner information by floating a fake domain name for the Centre For Land Warfare Studies (CLAWS), an India-based autonomous think tank on strategic studies and land warfare. “It was discovered that a fake domain, clawsindia.com, was registered by the attackers. This domain masquerades as the website for the legitimate domain for CLAWS, claws.in,” said a senior government official, who did not wish to be identified.
The group targets individuals applying to CLAWS for chair of excellence, an honorary title for those making outstanding research contributions to strategic studies, said the official. “The victims are encouraged to click on an embedded URL hosted on sharingmymedia.com, which then downloads ObliqueRAT, the trojan which is associated with threat activity targeting entities in South Asia,” said the official.
The group primarily selects defense personnel in India using two generic themes – fake resumes and military-related topics – according to the official. “They use generically themed content-hosting domains in addition to malicious domains masquerading as legitimate defense-related websites,” he said.
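For defenders, the domains named above can be checked against mail or proxy logs. The following is an added example, not code from the article or from any official source: it flags the two reported domains and, separately, any host that borrows the `claws` label without being `claws.in`. The sample URLs, their paths and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

LEGIT = "claws.in"                                   # legitimate domain named in the article
REPORTED = {"clawsindia.com", "sharingmymedia.com"}  # domains named in the article

def host_of(url):
    """Lower-cased hostname of a URL, tolerating a missing scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url, legit=LEGIT, reported=REPORTED):
    """Return 'legitimate', 'reported', 'lookalike', 'other' or 'unparsed'."""
    host = host_of(url)
    if not host:
        return "unparsed"
    if host == legit or host.endswith("." + legit):
        return "legitimate"
    if any(host == d or host.endswith("." + d) for d in reported):
        return "reported"
    brand = legit.split(".")[0]
    # Heuristic for triage: a label that contains the brand, or is one edit away
    # from it, on a host that is not under the legitimate domain.
    for label in host.split("."):
        if brand in label or edit_distance(label, brand) <= 1:
            return "lookalike"
    return "other"

def triage(urls):
    """Map each URL that needs analyst attention to its classification."""
    return {u: c for u in urls if (c := classify(u)) in ("reported", "lookalike")}

# Constructed sample of URLs as they might appear in a proxy log.
SAMPLE = [
    "https://claws.in/constructed/page",
    "http://clawsindia.com/constructed/page",
    "https://sharingmymedia.com/constructed/file",
    "https://claws.in.login.example/",
    "https://example.org/",
]
```

The lookalike rule is deliberately broad and will also match unrelated hosts that happen to contain the label, so its hits are candidates for review rather than verdicts.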
Government undertakings, strategic units, and sectors such as telecom, power, energy, and transport are also susceptible to such attacks, according to those in the know.