IcePeony and Transparent Tribe Aim at Indian Entities via Cloud-Based Tools
In India, prominent organizations have been targeted in coordinated attacks by IcePeony, a China-linked threat group, and the Pakistan-based Transparent Tribe threat group.
Transparent Tribe's intrusions use the ElizaRAT malware and a newly introduced ApoloStealer payload against select targets, according to a recent Check Point technical write-up.
“ElizaRAT instances reveal a methodical misuse of cloud-centric platforms like Telegram, Google Drive, and Slack for managing command-and-control communications,” indicated the Israeli firm in its statement.
ElizaRAT, a Windows remote access tool (RAT), was first spotted in July 2023 in Transparent Tribe attacks on Indian government entities. The adversary, also tracked as APT36, Datebug, Earth Karkaddan, Mythic Leopard, Operation C-Major, and PROJECTM, has been active since at least 2013.
The group's malware arsenal includes tooling for compromising Windows, Android, and Linux systems. Its increased focus on Linux devices follows the Indian government's adoption, starting last year, of a custom Ubuntu variant named Maya OS.
Infection chains are set in motion by Control Panel (CPL) files possibly disseminated via targeted phishi
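To illustrate what a defender can watch for in the CPL-based first stage described above, here is an added example that is not code from the article or from Check Point's report: a small Python detector that reads process-creation events and flags control.exe or rundll32.exe loading a .cpl file from a user-writable location (Downloads, Temp, ProgramData), while leaving legitimate applets under the Windows directory alone. The pipe-delimited log format, file names, timestamps and paths are constructed for the example and are assumptions, not indicators from the report.

```python
import re
from dataclasses import dataclass

# Constructed sample process-creation events (not from the report).
# Format (assumed): "<utc time>|<parent image>|<process image>|<command line>"
SAMPLE_EVENTS = [
    "2024-10-01T09:12:03Z|explorer.exe|C:\\Windows\\System32\\control.exe|control.exe C:\\Users\\u1\\Downloads\\invoice.cpl",
    "2024-10-01T09:12:04Z|control.exe|C:\\Windows\\System32\\rundll32.exe|rundll32.exe shell32.dll,Control_RunDLL C:\\Users\\u1\\AppData\\Local\\Temp\\invoice.cpl",
    "2024-10-01T09:15:00Z|explorer.exe|C:\\Windows\\System32\\control.exe|control.exe /name Microsoft.System",
    "2024-10-01T09:20:11Z|svchost.exe|C:\\Windows\\System32\\rundll32.exe|rundll32.exe shell32.dll,Control_RunDLL C:\\Windows\\System32\\main.cpl",
    "2024-10-01T09:21:00Z|explorer.exe|C:\\Program Files\\App\\app.exe|app.exe --update",
]

# Binaries Windows uses to host Control Panel applets; a .cpl is loaded through one of these.
CPL_LOADERS = {"control.exe", "rundll32.exe"}

# Path fragments (lower-cased) that an unprivileged user can write to. A CPL
# launched from one of these is far more suspicious than a built-in applet in System32.
USER_WRITABLE_MARKERS = ("\\users\\", "\\programdata\\", "\\windows\\temp\\")

# Matches an absolute Windows path ending in .cpl anywhere in a command line.
CPL_PATH_RE = re.compile(r'[A-Za-z]:\\[^"|]*?\.cpl\b', re.IGNORECASE)


@dataclass
class Finding:
    timestamp: str
    parent: str
    loader: str
    cpl_path: str


def parse_event(line):
    """Split one pipe-delimited event into its four fields."""
    ts, parent, image, cmdline = line.split("|", 3)
    return {"ts": ts, "parent": parent, "image": image, "cmdline": cmdline}


def image_name(path):
    """Return the lower-cased file name from a full image path."""
    return path.rsplit("\\", 1)[-1].lower()


def extract_cpl_paths(cmdline):
    """Return every .cpl path referenced on the command line."""
    return CPL_PATH_RE.findall(cmdline)


def is_user_writable(path):
    """True if the path lies under a directory a standard user can write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def detect_cpl_launches(lines):
    """Flag CPL loaders executing applets from user-writable locations."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        loader = image_name(ev["image"])
        if loader not in CPL_LOADERS:
            continue
        for cpl in extract_cpl_paths(ev["cmdline"]):
            if is_user_writable(cpl):
                findings.append(Finding(ev["ts"], ev["parent"], loader, cpl))
    return findings


if __name__ == "__main__":
    for f in detect_cpl_launches(SAMPLE_EVENTS):
        print(f"{f.timestamp} {f.parent} -> {f.loader} loaded {f.cpl_path}")
```

The two constructed events that load invoice.cpl from Downloads and Temp are flagged; the built-in main.cpl under System32 and the applet-by-name invocation are not. In production the same rule would be applied to Sysmon event ID 1 or EDR process telemetry, and the path allow-list should be tightened to the organization's own software-deployment directories.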