A Pakistan-based advanced persistent threat (APT) group known as Transparent Tribe has been linked to a new, ongoing phishing campaign that has targeted students at various educational institutions in India since at least December 2021.
• Transparent Tribe, also known as APT36 or Mythic Leopard, is suspected to be of Pakistani origin and primarily targets Indian government and military entities. Security researchers at Cisco Talos have been tracking a new campaign suggesting that the threat actor is actively expanding its network of victims to include civilian users. The attacks result in the deployment of remote access trojans such as CrimsonRAT and ObliqueRAT to establish long-term access to victim networks.
• A Pakistani web hosting services provider, "Zain Hosting", was used to deploy and operate components of Transparent Tribe's infrastructure. This is likely one of many third parties Transparent Tribe employs to prepare, stage and/or deploy components of its operation.