30 countries are facing threat from a prominent cyber espionage group: Kaspersky

At least 30 countries are facing the threat of spear phishing and advanced cyber snooping tactics from noted cyber espionage and crime collective, Transparent Tribe.

According to a report by cyber security firm Kaspersky, Transparent Tribe has been known to have been active since 2013, and specialises in cyber espionage of critical sectors including government departments, as well as military and defence.

While the report does not offer detailed numbers in terms of how severe Transparent Tribe’s activities in India have been, it states that the group has a signature, advanced remote access trojan (RAT), Crimson, which has been spotted since 2017, which it uses to snoop on critical, top secret data.

Kaspersky states that India, Afghanistan, Pakistan, Iran, and Germany are among the most heavily targeted nations by Transparent Tribe.

To carry out acts of cyber espionage, the group reportedly uses spear phishing – a tactic where emails are sent from typically known or trusted contacts, therefore maximising the changes of the recipient interacting with the email.

These emails typically carry attachments such as a Microsoft Word or any other Office document, which in turn have embedded macro elements containing the group’s signature Crimson RAT. Once these documents are downloaded, the RAT then enables the attackers to take over file systems, and in turn gain access to sensitive information.

Cyber espionage is expected to grow increasingly, partly due to increasing digitisation of critical documents and infrastructure.

Transparent Tribe’s Crimson RAT is one such malware, and its persistent actions suggest that such threats will continue to remain in the future.