According to the report by Seqrite, the enterprise arm of Pune-based Quick Heal Technologies, Transparent Tribe is a persistent threat group that is believed to have originated in Pakistan in 2013.

What is Behind the Recent Increase in Cyber Attacks on Indian Institutes of Technology and National Institutes of Technology?

The security of the Indian army and well-known educational institutions, including IITs and NITs, has been called into question by security researchers in India. They have expressed concern after discovering a string of cyber attacks carried out by Transparent Tribe, a notorious hacker group based in Pakistan.

According to a report by Seqrite, the corporate arm of Pune-based Quick Heal Technologies, Transparent Tribe is a persistent threat group believed to have originated in Pakistan in 2013. The hacker group has targeted the Indian government and military units, IANS reported.

According to the report, a Pakistani hacker group called APT36 is using a malicious file called “Revision of Officers posting policy” to lure the Indian Army into compromising its systems. The file is disguised as a legitimate document but contains embedded malware designed to exploit vulnerabilities, the team noted.

In addition, the cyber security team has observed a worrying increase in the targeting of the education sector by the same hacker group.

Since May 2022, Transparent Tribe has been specifically targeting educational institutions, including Indian Institutes of Technology (IITs), National Institutes of Technology (NITs) and business schools. These attacks increased in the first quarter of 2023 and peaked in February.

According to researchers, the Transparent Tribe branch, known as SideCopy, has also been identified as targeting the Indian Defense Organisation. Their modus operandi involves testing a domain that hosts malicious files, which can act as a phishing page.

This sophisticated tactic aims to trick unsuspecting victims into revealing sensitive information. Hacker groups operating in Pakistan cunningly used malicious PPAM files disguised as “Officer Posting Policy Revised Final”, the report said.

A PPAM file is a macro-enabled add-in file used by Microsoft PowerPoint. The report added that these files exploit macro-enabled PowerPoint add-ins (PPAM) to disguise archive files as OLE objects, effectively concealing the presence of malware.

The team advised taking regular security measures, such as keeping security software, operating systems and applications up to date to protect against known vulnerabilities. They also emphasized the implementation of strong email filtering and network security solutions to detect and block malicious content.
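As an added illustration (not taken from the Seqrite report or this article), a mail gateway or triage script could statically inspect a PPAM attachment for the traits described above: VBA macros plus an archive hidden inside an embedded OLE object. The size cap, the quarantine policy and the sample bytes are assumptions constructed for the example, and the byte-signature match is a heuristic.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 compound file header
ZIP_MAGIC = b"PK\x03\x04"                       # ZIP local file header
ADDIN_TYPE = b"application/vnd.ms-powerpoint.addin.macroEnabled.main+xml"
MAX_PART = 16 * 1024 * 1024                     # assumed cap: skip oversized parts

def triage_ppam(data: bytes) -> dict:
    """Static findings for an attachment claiming to be a PowerPoint add-in."""
    f = {"is_ooxml": False, "macro_addin": False, "vba_project": False,
         "ole_objects": [], "ole_with_archive": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return f
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        if "[Content_Types].xml" not in names:
            return f
        f["is_ooxml"] = True
        f["macro_addin"] = ADDIN_TYPE in z.read("[Content_Types].xml")
        for name in names:
            lower = name.lower()
            if lower.endswith("vbaproject.bin"):
                f["vba_project"] = True          # add-in carries VBA macros
            if lower.startswith("ppt/embeddings/") and z.getinfo(name).file_size <= MAX_PART:
                blob = z.read(name)
                if blob.startswith(OLE_MAGIC):
                    f["ole_objects"].append(name)
                    if ZIP_MAGIC in blob:        # heuristic: archive inside the OLE object
                        f["ole_with_archive"].append(name)
    return f

def should_quarantine(f: dict) -> bool:
    """Hypothetical policy: macros plus an archive hidden in an OLE object."""
    return f["vba_project"] and bool(f["ole_with_archive"])

def build_sample(hide_archive: bool) -> bytes:
    """Constructed, inert sample: placeholder bytes only, no macros or payload."""
    ole = OLE_MAGIC + b"\x00" * 64 + (ZIP_MAGIC + b"placeholder" if hide_archive else b"")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", b'<Types><Override ContentType="' + ADDIN_TYPE + b'"/></Types>')
        z.writestr("ppt/vbaProject.bin", OLE_MAGIC + b"\x00" * 64)
        z.writestr("ppt/embeddings/oleObject1.bin", ole)
    return buf.getvalue()

if __name__ == "__main__":
    for flag in (True, False):
        print(flag, triage_ppam(build_sample(flag)))
```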
