Transparent Tribe (APT36) is actively launching targeted cyber espionage campaigns against Indian organizations using sophisticated remote access trojans (RATs) and deception techniques. Their campaigns include spear-phishing, environment-aware persistence methods, and evolving malware like CapraRAT and Crimson RAT. #TransparentTribe #APT36
Key points
- Transparent Tribe employs spear-phishing emails with disguised LNK files to deliver RAT payloads.
- The threat actor adapts its persistence methods based on detected antivirus solutions, enhancing malware survivability.
- The malware features a DLL with capabilities including remote control, data exfiltration, and screenshot capture.
- A recent campaign involves a malicious shortcut exploiting government advisories to infect systems in Pakistan.
- The activity uses encrypted C2 endpoints and persistent registry modifications, enabling long-term access.
Read More: https://thehackernews.com/2026/01/transparent-tribe-launches-new-rat.html