Transparent Tribe: Pivoting to Target Linux and Legitimate Software Techniques
In a recent development in the world of cyber-espionage, a Pakistan-linked group known as Transparent Tribe has expanded its tactics to include a wider range of legitimate software techniques in order to evade cybersecurity defenses. This shift includes targeting Linux systems as much as Windows, as well as incorporating legitimate cloud services like Google Drive and Telegram into their attacks.
Historically, Transparent Tribe has focused on targeting government agencies and defense firms in India, using cyberattacks to compromise Windows systems and Android devices. However, in their latest campaign, the group has shifted its focus to Linux systems, with 65% of attacks using Linux Executable and Linkable Format (ELF) binaries that target India’s MayaOS distribution.
According to Ismael Valenzuela, vice president of threat intelligence and research at cybersecurity firm BlackBerry, Transparent Tribe remains primarily focused on compromising India’s government, military, and private industry. Despite targeting other regions like the US, Europe, and Australia in the past, India remains their primary target.
The group’s use of cross-platform programming languages like Python, Golang, and Rust allows them to create programs for both Windows and Linux, with their latest attack using ELF binaries to distribute a Python-based downloader. Additionally, Transparent Tribe has been experimenting with new delivery mechanisms, including utilizing Linux desktop entry files as an attack vector.
Overall, Transparent Tribe’s adoption of legitimate tools and services as part of their attack infrastructure demonstrates a growing trend in cyber-threat landscapes. By leveraging seemingly benign software in malicious ways, these threat actors can operate under the radar and effectively hide in plain sight. The group’s evolving tactics highlight the importance of staying vigilant and adapting cybersecurity defenses to combat emerging threats in the digital realm.