TransparentTribe APT Group Targets Indian Govt And Military

The threat actor's approach is as complex as its name: it begins with gathering sensitive data, conducting cyber espionage, and compromising targets' security.

by Ashish Khaitan, April 20, 2024, in Dark Web News, Firewall Daily, Hackers Interview

TransparentTribe is an Advanced Persistent Threat (APT) group with a large appetite for targeting Indian government organizations, military personnel, and defense contractors. The threat actor recently came into the spotlight and was seen leveraging a notorious Remote Access Trojan (RAT), among other sophisticated tools and tactics.

The threat actor's modus operandi is as complex as its name: it starts with gathering sensitive information, conducting cyber espionage, and compromising the security of its targets. The group is adept at exploiting various platforms, from Windows to Android, and often masquerades as legitimate government entities or organizations through fake websites and documents.

These deceptions aim to trick unsuspecting users into sharing credentials or unwittingly downloading malware onto their systems.

Decoding the New Threat Actor: TransparentTribe

According to the Cyble Vision Threat Library, TransparentTribe, also known as or Project Mythic Leopard, has been active, with its last sighting dated April 1, 2023. Their activities extend beyond traditional cyber espionage, with recent investigations uncovering connections to watering hole sites focused on Indian military personnel.


Moreover, TransparentTribe's reach extends across borders: its primary targets are India and Afghanistan, but it has also targeted Australia, Japan, the USA, and other nations. Its pursuit of sensitive information spans sectors ranging from defense to education and governmental organizations.


Operating out of Pakistan, TransparentTribe poses a significant threat to national security, employing aliases like . Suspected ties with other APT groups like SideCopy and SideWinder further underscore the complexity of the threat landscape.

The Mechanics of TransparentTribe Hacker Group

The lifecycle of TransparentTribe's attacks involves multiple infection vectors, including phishing emails, malvertising, and social engineering. Their persistence is evident in the continuous monitoring of developments within targeted sectors, exploiting them as lures for their campaigns.

Windows, Linux, and Android systems alike fall prey to TransparentTribe's tactics, with a tailored approach for each platform. Exploiting vulnerabilities like CVE-2012-0158 and CVE-2010-3333, the group delivers its payloads, including a diverse range of RATs such as Crimson RAT, DarkComet, and QuasarRAT, each with its own capabilities and functionality.

Their network activities are intricate, using well-crafted phishing URLs and domains registered on servers associated with the Hostinger ASN. Overlap in command and control (C&C) infrastructure, together with the use of platforms like Google Drive for hosting malware, further complicates detection and mitigation efforts.


