Pakistan and China storm Indian cyber front

Hackers attack according to new rules, using invisible surveillance tools.

India has faced a wave of cyberattacks orchestrated by the hacker groups Transparent Tribe and IcePeony, operating from Pakistan and China. These attacks target key government structures and organizations.

Transparent Tribe uses the ElizaRAT malware and the new ApoloStealer tool. A recent report by Check Point noted that ElizaRAT is actively using popular cloud services such as Telegram, Google Drive, and Slack to stealthily manage and transfer data. This group, also known as APT36 and Datebug, has been operating since 2013 and attacks Windows, Android, and Linux-based systems.

ElizaRAT was first spotted in July 2023 during attacks on Indian government agencies. Since last year, attacks have also targeted Linux devices due to the Indian government's implementation of Maya, an Ubuntu-based operating system. Malicious chains are distributed through Control Panel (CPL) files, likely through phishing. From December 2023 to August 2024, three campaigns were recorded using virtual servers and cloud services for management.

The new ApoloStealer tool collects and sends files of various formats (DOC, XLS, ZIP, etc.) to a remote server. In January 2024, Transparent Tribe also added a dropper component that powers ElizaRAT and a ConnectX module that searches for files on external devices.

IcePeony, a previously unknown group, is also targeting government agencies and universities in India, Mauritius and Vietnam, according to nao_sec. Attacks start with SQL injections and proceed to the installation of web shells and backdoors. The main goal is to steal credentials.

IcePeony has in its arsenal the IceCache tool, designed to hack Microsoft IIS servers, and the IceEvent backdoor, which can upload and download files, as well as execute commands. Notably, these cybercriminals operate almost six days a week, avoiding activity on Fridays and Saturdays, indicating the organized and professional nature of the attacks.

Thus, India has found itself at a crossroads of sophisticated cyberattacks, where cloud services are becoming a weapon of espionage. In the new realities, cybersecurity is becoming not just a preventive measure, but a prerequisite for the protection of critical infrastructure.
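A defender-side triage sketch for the two ElizaRAT behaviours described above (delivery through CPL files and command traffic over Telegram, Google Drive and Slack). This is an added example, not code from the original post, Check Point or nao_sec; the event field names, the allowlist, the watched hostnames and the sample events are all assumptions constructed for illustration.

```python
import re

# Hosts for the cloud services the article names (well-known API domains,
# chosen here as an assumption; they are not indicators from the report).
CLOUD_HOSTS = ("api.telegram.org", "slack.com", "googleapis.com")
# Assumed allowlist of programs expected to reach those services.
EXPECTED = {"chrome.exe", "msedge.exe", "firefox.exe", "slack.exe",
            "telegram.exe", "googledrivefs.exe"}
CPL_PATH = re.compile(r'([a-z]:\\[^":]*?\.cpl)\b', re.I)
USER_WRITABLE = re.compile(r"\\(users|programdata|windows\\temp)\\", re.I)

def exe(path):
    return path.rsplit("\\", 1)[-1].lower()

def cpl_from_user_path(ev):
    """Return the .cpl path when control.exe/rundll32.exe loads one from a user-writable directory."""
    if ev["type"] != "process" or exe(ev["image"]) not in {"control.exe", "rundll32.exe"}:
        return None
    m = CPL_PATH.search(ev["cmdline"])
    return m.group(1) if m and USER_WRITABLE.search(m.group(1)) else None

def unexpected_cloud_client(ev):
    """Return the destination when a non-allowlisted process contacts a watched cloud host."""
    if ev["type"] != "network" or exe(ev["image"]) in EXPECTED:
        return None
    host = ev["dest"].lower()
    hit = any(host == h or host.endswith("." + h) for h in CLOUD_HOSTS)
    return host if hit else None

def triage(events):
    findings = []
    for ev in events:
        if (cpl := cpl_from_user_path(ev)):
            findings.append(("cpl-from-user-path", ev["host"], cpl))
        if (dest := unexpected_cloud_client(ev)):
            findings.append(("cloud-api-unexpected-process", ev["host"], f"{exe(ev['image'])} -> {dest}"))
    return findings

# Constructed sample events (hypothetical field names, hosts and file names).
SAMPLE = [
    {"type": "process", "host": "ws-01", "image": r"C:\Windows\System32\control.exe",
     "cmdline": r'"C:\Windows\System32\control.exe" "C:\Users\a\Downloads\notice.cpl"'},
    {"type": "process", "host": "ws-02", "image": r"C:\Windows\System32\control.exe",
     "cmdline": r"control.exe C:\Windows\System32\appwiz.cpl"},
    {"type": "network", "host": "ws-01", "image": r"C:\Users\a\AppData\Local\svc.exe",
     "dest": "api.telegram.org"},
    {"type": "network", "host": "ws-03", "image": r"C:\Program Files\Google\Chrome\chrome.exe",
     "dest": "www.googleapis.com"},
]
```

Both rules are heuristics: legitimate automation also calls these APIs, so findings are leads for review, and the allowlist has to be tuned to the software actually deployed.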
