SOURCE: AFI
Indian government, defense, and aerospace sectors have come under fire from a hacker group with suspected links to Pakistan. The attackers deployed a combination of malware written in Python, Golang, and Rust in a series of cyberattacks spanning from late 2023 to April 2024, according to a technical report published by the BlackBerry Research and Intelligence Team earlier this week.
This hacking campaign, dubbed “Transparent Tribe” by cybersecurity researchers, targeted critical Indian infrastructure.
This Python-based information-gathering utility, previously documented by Zscaler, enabled the attackers to collect sensitive data from compromised Linux environments within Indian government organizations.
Exfiltration of Firefox Data: PYSHELLFOX, another Python-based malware, was used to steal data specifically from Mozilla Firefox web browsers.
Researchers observed a change in tactics in October 2023. The attackers began using ISO disk image files to deploy a Python-based remote access trojan (RAT) that utilized the Telegram messaging app for command and control (C2) communications.
These findings highlight the evolving techniques employed by cybercriminals. The use of a mix of programming languages suggests a deliberate attempt to evade detection by security measures typically focused on identifying specific malware signatures.
BlackBerry researchers believe these attacks are likely to continue, emphasizing the need for heightened vigilance on the part of Indian government agencies.