Report Uncovers Pakistan-Linked Hackers Using Cloud Services to Target Attacks on Indian Systems

Pakistan-backed cyber group Transparent Tribe escalates attacks on India with new malware ElizaRAT

A recent report from Check Point Research has unveiled that a Pakistan-linked cyber-espionage group, known as Transparent Tribe (APT36), is actively targeting Indian entities using sophisticated malware called ElizaRAT. Emerging in September 2023, ElizaRAT has since evolved, with new variants enhancing its data extraction capabilities and making it harder to detect.

ElizaRAT, a Windows-based Remote Access Tool (RAT), has been deployed across multiple campaigns between late 2023 and early 2024. Notably, the malware is built to operate in the Indian Standard Time (IST) zone, indicating that Indian entities are its primary targets. The malware uses widely accessible platforms such as Google Drive, Slack and Telegram as its command-and-control channels, blending its malicious traffic into normal network activity and making detection by security systems challenging.

Transparent Tribe’s strategy involves deploying decoy documents and shortcut files to mask ElizaRAT’s true purpose. The malware also uses SQLite to store collected data locally before exfiltrating it via secure channels. A distinct feature of ElizaRAT is its ability to launch secondary payloads, such as ApoloStealer, which harvests sensitive data, including files from infected desktops.

In a recent evolution, Transparent Tribe released a second variant of ElizaRAT called ‘Circle,’ equipped with an upgraded dropper component. This enhanced version minimizes detection by antivirus and anti-malware programs, further showcasing the group’s increasing sophistication.

Growing Threat to Indian Security

Transparent Tribe has a history of targeting high-profile Indian entities, including government organizations, diplomatic personnel, and military facilities. By leveraging popular cloud services to obscure its activities, the group continues to raise concerns about the security of Indian-associated networks. The report suggests that these cloud platforms allow the hackers to embed malicious activities within everyday data exchanges, making their operations harder to distinguish from legitimate traffic.

The growing sophistication of Transparent Tribe underscores an urgent need for strengthened cybersecurity measures, especially as attackers adapt to evade detection systems. ElizaRAT’s India-centric time zone settings signal a targeted approach to compromising Indian entities.
