Pakistan-Aligned Hackers Disrupt Indian Education Sector

An actor known as APT36 (Transparent Tribe) has been observed targeting the Indian education sector with malicious Office documents distributing the Crimson RAT.

The group has been active since at least 2013 but, according to a new advisory from SentinelOne, has now moved from targeting Indian military and government officials to sabotaging educational institutions.

Aleksandar Milenkoski, Senior Threat Researcher at SentinelLabs, writes in the technical article that the name and content of the lure document, the associated domain, and the use of Crimson RAT suggest that the recent activity observed by SentinelOne is part of a previously reported Transparent Tribe campaign.


“Documents distributed by Transparent Tribe have educational content and titles,” the advisory reads. “Based on the known behavior of this group, the documents may have been distributed to targets as attachments in phishing emails.”

SentinelOne explained that the team observed several Crimson RAT .NET implementations with compilation timestamps ranging from July to September 2022.

“Crimson RAT variants implement various obfuscation techniques of varying strength, including simple function name malformations and dynamic string resolution,” wrote Milenkoski.

Crimson RAT is able to steal system information, capture screenshots, start and stop processes, and enumerate files and drives.

“Transparent Tribe is a highly motivated and relentless threat actor who regularly updates its malware arsenal, operational strategies, and targets,” warns SentinelOne.

Case in point: in these campaigns APT36 used Microsoft’s Object Linking & Embedding (OLE) as the technique for embedding the malware in the decoy documents. The group also used the Eazfuscator obfuscator to protect its Crimson RAT implementations.
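The two technical details above, OLE objects embedded in the decoy documents and .NET payloads with 2022 compilation timestamps, are both things a defender can check during document triage. The following script is an added example written for this page; it is not SentinelOne's tooling and does not come from the advisory. It opens an OOXML document (.docx/.xlsx/.pptx are zip packages), lists every embedded OLE object under the standard `embeddings/` folders, notes whether each one is an OLE2 compound-file container, and scans it for PE images so their compile timestamps can be read from the PE header. The sample document it builds is constructed in-memory with a fake PE stub; the "MZ"-scan over the container is a heuristic, not a full OLE parser.

```python
"""Triage helper: list embedded OLE objects inside an OOXML document and report
the compile timestamp of any PE image found inside them (added example)."""
import io
import struct
import zipfile
from datetime import datetime, timezone

# Standard OOXML locations for embedded objects (Word, Excel, PowerPoint).
EMBED_PREFIXES = ("word/embeddings/", "xl/embeddings/", "ppt/embeddings/")
# OLE2 / Compound File Binary header signature.
CFB_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"


def find_pe_images(blob):
    """Return [(offset, compile_time_utc)] for each plausible PE image in blob.

    Heuristic: look for every 'MZ', follow e_lfanew (DOS header offset 0x3C) and
    require a 'PE\\0\\0' signature there; TimeDateStamp sits 8 bytes after it.
    """
    results = []
    pos = 0
    while True:
        pos = blob.find(b"MZ", pos)
        if pos < 0:
            break
        if pos + 0x40 <= len(blob):  # need the whole DOS header
            e_lfanew = struct.unpack_from("<I", blob, pos + 0x3C)[0]
            pe = pos + e_lfanew
            if pe + 12 <= len(blob) and blob[pe:pe + 4] == b"PE\x00\x00":
                ts = struct.unpack_from("<I", blob, pe + 8)[0]
                try:
                    when = datetime.fromtimestamp(ts, tz=timezone.utc)
                    results.append((pos, when))
                except (OverflowError, OSError, ValueError):
                    pass  # absurd timestamp; still worth a manual look
        pos += 2
    return results


def scan_document(data):
    """Return one finding dict per embedded object in an OOXML package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.startswith(EMBED_PREFIXES):
                continue
            blob = zf.read(name)
            findings.append({
                "path": name,
                "size": len(blob),
                "is_ole_container": blob.startswith(CFB_MAGIC),
                "pe_images": [
                    {"offset": off, "compiled": when.isoformat()}
                    for off, when in find_pe_images(blob)
                ],
            })
    return findings


def build_sample_docx():
    """Constructed sample (not a real malicious file): a minimal docx-like zip with
    one embedded object whose OLE container wraps a fake PE stub compiled on
    2022-08-15, inside the window the advisory describes."""
    ts = int(datetime(2022, 8, 15, tzinfo=timezone.utc).timestamp())
    dos_header = bytearray(b"MZ" + b"\x00" * 0x3E)          # 0x40-byte DOS header
    struct.pack_into("<I", dos_header, 0x3C, 0x40)           # e_lfanew -> 0x40
    pe_header = (b"PE\x00\x00" + b"\x4c\x01" + b"\x01\x00"   # i386, 1 section
                 + struct.pack("<I", ts) + b"\x00" * 12)
    ole_bin = CFB_MAGIC + b"\x00" * 504 + b"\x01Ole10Native" + bytes(dos_header) + pe_header
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/embeddings/oleObject1.bin", ole_bin)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_document(build_sample_docx()):
        print(finding)
```

Run it against a real sample by replacing `build_sample_docx()` with the file bytes; any embedded object carrying a PE image, especially one whose compile date clusters with the campaign window, is a strong reason to detonate the document in a sandbox rather than open it.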

“The Transparent Tribe’s ever-changing operational and targeting strategies require constant vigilance to mitigate the threat posed by this group,” concluded Milenkoski.

Meta took action against APT36 last year.
