Tuesday, January 26, 01:22
Home security The Transparent Tribe is targeting governments

The Transparent Tribe is targeting governments

The Transparent Tribe team is campaigning against government and military personnel, unveiling a new tool designed to infect USB devices and spread to other systems.

The advanced APT team, previously investigated by Proofpoint (.PDF), has been operating since at least 2013 and has previously been linked to attacks against the Indian government and army.

Hacker-millions of files-leak Transparent Tribe

Recently, the APT has turned to Afghanistan, however, researchers have documented its presence in about 30 countries.

Also known as PROJECTM and MYTHIC LEOPARD, the Transparent Tribe is described as a "productive" group involved in "mass espionage campaigns".

The Transparent Tribe focuses on surveillance and espionage, and to achieve these goals, the team is constantly evolving the kit tools according to the target, Kaspersky said in a blog post on Thursday.

The chain of attack starts in a classic way, through phishing email. False messages are sent along with malicious ones documents of Microsoft Office containing a built-in macro that deploys the group's main payload, the Crimson Remote Access Trojan (RAT).

If a victim activates macros, the custom .NET Trojan starts and performs a variety of functions, including connecting to a command-and-control (C2) server for removal data and remote malware updates, file theft, download screenshot and breach of microphones and webcam for audio and video surveillance.

Kaspersky says the Trojan is also capable of stealing archives from removable media, to capture keys and steal credentials stored in browsers.

The Trojan is available in two versions released in 2017, 2018 and the end of 2019, indicating that the malware is still in progress.

The Transparent Tribe team also uses another .NET malware and a Trojan called Peppy, but a new USB attack tool is of particular interest.

USBWorm consists of two basics components, a file thief for removable drives and a worm for switching to new, vulnerable machines.

If a USB drive is connected to an infected computer, a copy of the Trojan is silently installed on the removable drive. The malware will display all directories in one drive and then a copy of the Trojan will be saved in the root drive directory. The directory attribute is then changed to "hidden" and a fake Windows icon is used to entice victims to click and execute payload when trying to access directories.

"This results in hiding and replacing all real directories with a copy of the malware using the same directory name," the researchers note.

More than 200 samples of Transparent Tribe Crimson components were identified between June 2019 and June 2020.

"Over the past 12 months, we have seen a widespread campaign against military and diplomatic targets," said Kaspersky researcher Giampaolo Dedola. "We do not expect this group to slow down in the near future."


Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.



COVID-19 vaccines: Ways to protect supply chains

The development of vaccines for COVID-19 in such a short period of time has created many challenges and these are not only related to ...

How do insurance companies "enhance" ransomware attacks?

Ransomware attacks have increased significantly, with experts warning that their victims should not pay ransom to hackers ....

Russia: "US may be planning retaliation for SolarWinds hack"!

The Russian government warns the country's organizations about possible cyber attacks that the US may carry out, as "retaliation" for the hack ...

iPhone: How to see which apps have access to your contacts

Some iPhone privacy issues go deeper than accessing your contacts list, which exposes your contacts to ...

COVID-19: Google makes vaccination clinics available

Google CEO Sundar Pichai said Monday that the company will make its facilities available to become clinics ...

Netflix offers "studio quality" audio upgrade on Android

Do not be surprised if Netflix sounds better the next time you run a marathon with rows on your Android phone ...

Will Bitcoin return to $ 40.000? There is concern!

Bitcoin lovers who take his return above the level of $ 40.000 for granted have been worried because the demand ...

Avaddon ransomware: Its operators threaten with DDoS attacks to get ransom!

Lately, more and more ransomware gangs tend to threaten their targets with DDoS attacks in order to secure profits ....

Volunteer firefighters will be trained through VR simulation

Volunteer firefighters in the Australian state of Victoria will soon have access to the virtual reality (VR) training that will be available in ...

Tesla: Accuses its former employee of stealing her confidential data!

On January 23, Tesla sued former employee Alex Khatilov for stealing 26.000 confidential documents, including trade secrets. The software ...