U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Operation Transparent Tribe targets Indian diplomats and military

ProofPoint uncovered a new cyber espionage campaign dubbed Operation Transparent Tribe targeting Indian diplomatic and military entities. A new cyber espionage campaign dubbed Operation Transparent Tribe is targeting diplomats and military personnel in India. The researchers at Proofpoint who have uncovered the hacking campaign confirmed that threat actors used a number of hacking techniques to hit the […]

Operation Transparent Tribe targets Indian diplomats and military

ProofPoint uncovered a new cyber espionage campaign dubbed Operation Transparent Tribe targeting Indian diplomatic and military entities.

A new cyber espionage campaign dubbed Operation Transparent Tribe is targeting diplomats and military personnel in India. The researchers at Proofpoint who have uncovered the hacking campaign confirmed that threat actors used a number of hacking techniques to hit the victims, including phishing and watering hole attacks, and drop a Remote Access Trojan (RAT) dubbed MSIL/Crimson.

The MSIL/Crimson RAT used in the cyber espionage operation implements a variety of data exfiltration functions, including the ability to control the laptop cameras, take screen captures and keylogging.

The researchers discovered the campaign on February 11, 2016, when they noticed two live attacks against Indian diplomats operating in embassies in Saudi Arabia and Kazakhstan.

Proofpoint discovered that IP addresses involved in the attacks are in Pakistan, the attacks appear sophisticated and are part of a wider operation that relies on a network of watering hole websites and multiple phishing email campaigns.

The nature of the target and the methods used by attackers suggest the involvement of a nation-state attacker as explained by Kevin Epstein, VP of threat operations center at Proofpoint.

“This is a multi-year and multi-vector campaign clearly tied to state-sponsored espionage,” Epstein told to ThreatPost. “In the world of crimeware, you rarely see this type of complexity. A nation-state using multiple vectors, that’s significant.”

State-sponsored hacking is becoming a privileged option for governments that target other states mainly for cyber espionage with the intent of gathering intelligence on political issues.

Operation Transparent Tribe 2

The campaign discovered by ProofPoint required a significant effort of the APT group that set up multiple websites used to serve the MSIL/Crimson RAT.

In one case, the ATP behind the Operation Transparent Tribe used malicious email to spread weaponized RTF documents exploiting the CVE-2012-0158 Microsoft ActiveX vulnerability that dropped the malware on the target’s machine.

MSIL/Crimson is a multi-stage malware, after infected the machine in the first stage, it downloads more fully featured remote access Trojan component.

The attackers also used rogue blogs news websites with an Indian emphasis to serve the dangerous RAT.

Operation Transparent Tribe

Enjoy the Operation Transparent Tribe report.

Pierluigi Paganini

(Security Affairs – Operation Transparent Tribe, India)