Transparent Tribe Mounts Ongoing Spy Campaign on Military, Government

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
The APT group Transparent Tribe is mounting an ongoing cyberespionage campaign, researchers said, which is aimed at military and diplomatic targets around the world. The effort features a worm that can propagate from machine to machine while stealing files from USB removable drives.

Transparent Tribe (a.k.a. ProjectM and Mythic Leopard), is a prolific group that has been active [PDF] since at least 2013, specializing in widespread spy-craft. In the latest campaign, Kaspersky has observed spearphishing emails going out with malicious Microsoft Office documents containing a custom remote-access trojan (RAT) called Crimson. So far, researchers have found 1,093 targets across 27 countries, with the most-affected being Afghanistan, Germany, India, Iran and Pakistan.

Crimson is executed by way of embedded macros, according to Kaspersky research released on Thursday. It’s a .NET RAT that has a slew of malicious capabilities, including managing remote file systems, capturing screenshots, keylogging, conducting audio surveillance using built-in microphones, recording video streams from webcams, stealing passwords and stealing files.

Transparent Tribe has updated Crimson RAT for this campaign, the firm said, adding a server-side component used to manage infected client machines as well as a new USBWorm component developed for stealing files from removable drives, spreading across systems by infecting removable media, and downloading and executing a thin-client version of Crimson from a remote server. [...]
 

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top