Indian military and government personnel are reportedly facing the threat of spear phishing and advanced cyber snooping tactics from noted cyber espionage and crime collective, Transparent Tribe. According to a report by cyber security firm Kaspersky, Transparent Tribe has been known to have been active since 2013, and specialises in cyber espionage of critical sectors including government departments, as well as military and defence. While the report does not offer detailed numbers in terms of how severe Transparent Tribe’s activities in India have been, it states that the group has a signature, advanced remote access trojan (RAT), Crimson, which has been spotted since 2017, which it uses to snoop on critical, top secret data.

Kaspersky states that India is among the most heavily targeted nations by Transparent Tribe (alongside Pakistan and Afghanistan). To carry out acts of cyber espionage, the group reportedly uses spear phishing – a tactic where emails are sent from typically known or trusted contacts, therefore maximising the changes of the recipient interacting with the email. These emails typically carry attachments such as a Microsoft Word or any other Office document, which in turn have embedded macro elements containing the group’s signature Crimson RAT. Once these documents are downloaded, the RAT then enables the attackers to take over file systems, and in turn gain access to sensitive information.

Explaining the sophistication of the snooping campaign from the secretive threat actor, Giampaola Dedola, cyber security expert at Kaspersky, says, “Transparent Tribe continues to run a high amount of activity against multiple targets. During the past 12 months, we have observed a very broad campaign against military and diplomatic targets, using a big infrastructure to support its operations and continuous improvements in its arsenal.” Dedola affirms that the group shows no signs of slowing down its intelligence snooping activities.

While the Indian cyber space has steadily attracted increasing attention from all quarters, activities like cyber espionage is expected to grow increasingly, partly due to increasing digitisation of critical documents and infrastructure. Transparent Tribe’s Crimson RAT is one such malware, and its persistent actions suggest that such threats will continue to remain in the future.