April 13, 2023, 10:01 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Executive Summary



  • SentinelLabs has been tracking a cluster of malicious documents that stage Crimson RAT, distributed by APT36 (Transparent Tribe).

  • We assess that this activity is part of the group’s previously reported targeting of the education sector in the Indian subcontinent.

  • We observed APT36 adding OLE embedding to the techniques it typically uses for staging malware from lure documents, along with versioned changes to the implementation of Crimson RAT, indicating the ongoing evolution of APT36’s tactics and malware arsenal.


Overview


SentinelLabs has …
