A Pakistani cyber espionage group, TransparentTribe, has evolved its tactics by targeting Indian government Linux systems with new malware called DeskRAT, utilizing AI-assisted malware development. Their shift from cloud storage to dedicated staging servers indicates an advanced and targeted campaign using sophisticated command-and-control infrastructure. #TransparentTribe #DeskRAT #BOSSLinux
Key points
- TransparentTribe is now targeting Indian government Linux systems with new malware named DeskRAT.
- The campaign uses phishing emails with ZIP archives and disguised desktop files to deliver payloads.
- DeskRAT communicates through WebSocket and employs Linux-specific persistence techniques like cron jobs and autostart entries.
- Malware development likely involved large language models to facilitate rapid creation and obfuscation.
- The threat actor demonstrates a sophisticated infrastructure with custom web-based dashboards for post-exploitation management.
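The persistence mechanisms listed above (cron jobs and XDG autostart entries) are also the places a defender can audit on a Linux host. The script below is an added illustration, not code from the report or from the threat actor's tooling: it parses the `[Desktop Entry]` group of a `.desktop` file and the lines of a user crontab and flags commands that run from temporary or hidden directories or through shell/downloader one-liners. The heuristics, regular expressions and sample inputs are constructed assumptions for demonstration and are not indicators from the DeskRAT campaign.

```python
"""Audit user-level Linux persistence: XDG autostart .desktop entries and crontab lines.

Added example. Heuristics and sample inputs are constructed for illustration; they are
not IoCs from the TransparentTribe/DeskRAT report.
"""
import glob
import os
import re
import subprocess
from typing import Dict, List

# Assumption: benign autostart/cron commands rarely live in temp or dot-directories.
SUSPICIOUS_PATH_RE = re.compile(r"(/tmp/|/dev/shm/|/var/tmp/|(^|/)\.[A-Za-z0-9_-]+/)")
# Assumption: shell one-liners, downloaders and nohup are unusual in autostart entries.
SUSPICIOUS_CMD_RE = re.compile(r"\b(bash|sh)\s+-c\b|\b(curl|wget)\b|\bpython3?\s+-c\b|\bnohup\b")
# A cron line is either "@reboot <cmd>" style or five schedule fields followed by the command.
CRON_LINE_RE = re.compile(r"^(@\w+\s+|(\S+\s+){5})(?P<cmd>.+)$")


def parse_desktop_entry(text: str) -> Dict[str, str]:
    """Minimal parser for the [Desktop Entry] group: returns key -> value."""
    entry: Dict[str, str] = {}
    in_group = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):            # a new group header
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip()
    return entry


def autostart_findings(text: str, path: str = "<autostart>") -> List[str]:
    """Flag a .desktop entry whose Exec= line matches the staging/one-liner heuristics."""
    exec_line = parse_desktop_entry(text).get("Exec", "")
    findings: List[str] = []
    if SUSPICIOUS_PATH_RE.search(exec_line):
        findings.append(f"{path}: Exec runs from a temp or hidden directory: {exec_line}")
    if SUSPICIOUS_CMD_RE.search(exec_line):
        findings.append(f"{path}: Exec uses a shell/downloader one-liner: {exec_line}")
    return findings


def crontab_findings(text: str) -> List[str]:
    """Flag crontab lines whose command part matches the heuristics (env and comment lines skipped)."""
    findings: List[str] = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"^\w+=", line):
            continue                        # blank, comment, or VAR=value line
        match = CRON_LINE_RE.match(line)
        if not match:
            continue
        cmd = match.group("cmd")
        if SUSPICIOUS_PATH_RE.search(cmd) or SUSPICIOUS_CMD_RE.search(cmd):
            findings.append(f"crontab line {number}: {cmd}")
    return findings


# Constructed sample inputs (not real artifacts).
BENIGN_DESKTOP = """[Desktop Entry]
Type=Application
Name=Network Manager Applet
Exec=nm-applet
"""
SUSPECT_DESKTOP = """[Desktop Entry]
Type=Application
Name=System Update
Exec=bash -c "/tmp/.cache-x/update.sh"
NoDisplay=true
"""
SAMPLE_CRONTAB = """SHELL=/bin/bash
# m h dom mon dow command
0 2 * * * /usr/bin/backup --quiet
*/10 * * * * /dev/shm/.sync/agent
@reboot nohup /home/user/.config/.d/run >/dev/null 2>&1 &
"""


def audit_current_host() -> List[str]:
    """Run both checks against the real user autostart directory and crontab (best effort)."""
    results: List[str] = []
    for path in glob.glob(os.path.expanduser("~/.config/autostart/*.desktop")):
        with open(path, encoding="utf-8", errors="replace") as fh:
            results.extend(autostart_findings(fh.read(), path))
    try:
        out = subprocess.run(["crontab", "-l"], capture_output=True, text=True, check=False)
        results.extend(crontab_findings(out.stdout))
    except FileNotFoundError:
        pass                                # no cron on this host
    return results


if __name__ == "__main__":
    for finding in autostart_findings(SUSPECT_DESKTOP) + crontab_findings(SAMPLE_CRONTAB):
        print("SAMPLE:", finding)
    for finding in audit_current_host():
        print("HOST:", finding)
```

Run it directly to see the constructed samples flagged and then the same checks applied to the current user's autostart directory and crontab; the heuristics are deliberately narrow, so a hit is a lead for manual review of the referenced file rather than a verdict.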