Transparent Tribe Uses Spoofed Domains in Social Engineering Attacks
Researchers at Cisco Talos warn that the threat actor known as “Transparent Tribe” (also known as APT36 and Mythic Leopard) is using spoofed websites and malicious documents to deliver malware.
“Our latest Transparent Tribe research confirms that the group continues to create malicious domains mimicking defense-related entities as a core component of their operations,” the researchers write. “During our most recent investigation, we discovered a fake domain, clawsindia[.]com, registered by the attackers. This domain masquerades as the website for the Center For Land Warfare Studies (CLAWS), an India-based think tank covering national security and military issues.”
Cisco Talos also notes that the threat actor is targeting more verticals than usual in the latest campaign.
“While military and defense personnel continue to be the group’s primary targets, Transparent Tribe is increasingly targeting diplomatic entities, defense contractors, research organizations, and conference attendees, indicating that the group is expanding its targeting,” the researchers write.
The researchers add that Transparent Tribe is putting more effort into making its phishing lures more convincing.
“The actors recently deviated from the CrimsonRAT infection chains to make their ObliqueRAT phishing maldocs appear more legitimate,” the researchers write. “For example, attackers leveraging ObliqueRAT started hosting their malicious payloads on compromised websites instead of embedding the malware in the maldoc. In one such case in early 2021, the adversaries used iiaonline[.]in, the Indian Industries Association’s legitimate website, to host ObliqueRAT artifacts. The attackers then moved to hosting fake websites resembling those of legitimate organizations in the Indian subcontinent.”
Transparent Tribe also used HTTrack, an open-source website mirroring tool, to create identical copies of legitimate sites.
“These examples highlight Transparent Tribe’s heavy reliance on social engineering as a core TTP and the group’s efforts to make their operations appear as legitimate as possible,” the researchers conclude.
New-school security awareness training can give your organization an essential layer of defense by teaching your employees how to thwart social engineering attacks.