- The security team has noticed that the group known as APT36 has used "Officers posting policy revised final" to hide malicious PPAM files.
- Seqrite suggests some precautions, such as being careful when downloading files or opening email attachments from sources you didn't ask for or don't believe.
A group based in Pakistan is behind a new wave of cyber attacks on the Indian Army and the education system. The threat group is called “Transparent Tribe” in a study by Seqrite, the enterprise arm of Pune-based Quick Heal Technologies. It has been going after the Indian military and educational institutions in the country, such as IITs and NITs. The group is thought to have been active since 2013.
Why are they doing this? By luring targets with decoy documents, the threat group hopes to trick victims who don’t realise what is going on into giving up private information.
Researchers say that the group is using a dangerous file called “Revision of Officers Posting Policy” to trick the Indian Army into letting them into their systems. The file looks like a legal document, but it has malware built in to take advantage of weaknesses.
Cybersecurity researchers also saw an alarming rise in the number of attacks on the education sector. The report says that since May 2022, Transparent Tribe has been going after India’s top institutions, including the Indian Institutes of Technology (IITs), National Institutes of Technology (NITs), and business schools. The team says that these attacks intensified in the first three months of 2023 and peaked in February.
“An Indian defense organization is also being targeted by a group called SideCopy, which is part of the Transparent Tribe. Testing a domain with a malicious file on it, which could be used as a phishing page, is how they work,” the experts said.
The security team has noticed that the group known as APT36 has used “Officers posting policy revised final” to hide malicious PPAM files. For those who don’t know, a PPAM file is a Microsoft PowerPoint add-in file. The report said, “These files use macro-enabled PowerPoint add-ons (PPAM) to hide archive files as OLE objects, hiding the fact that they contain malware.”
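As an added illustration from the defender’s side (not code from the Seqrite report): a stdlib-only Python triage check that opens an OOXML PowerPoint add-in as the zip container it is, records whether a VBA project is present, and scans each part under ppt/embeddings/ for archive signatures hidden inside OLE objects. The input in build_sample_ppam is constructed for the demo, not a real APT36 file, and the archive scan is a byte-signature heuristic rather than a full OLE parser.

```python
import io
import zipfile

# Signatures used to classify what an embedded object actually carries.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # OLE2 compound file header
ARCHIVE_MAGICS = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar", b"7z\xbc\xaf\x27\x1c": "7z"}


def find_archive_magic(blob: bytes):
    """Return the archive type whose signature appears anywhere in blob, else None.
    An Ole10Native package stores the wrapped file's raw bytes, so an archive hidden
    in an OLE object usually leaves its signature inside the .bin part (heuristic)."""
    for magic, kind in ARCHIVE_MAGICS.items():
        if magic in blob:
            return kind
    return None


def inspect_ppam(data: bytes) -> dict:
    """Summarise macro and embedded-object indicators in an OOXML PowerPoint add-in."""
    report = {"has_vba": False, "embeddings": [], "verdict": "clean"}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            lower = name.lower()
            if lower.endswith("vbaproject.bin"):        # ppt/vbaProject.bin = macros present
                report["has_vba"] = True
            elif lower.startswith("ppt/embeddings/"):   # embedded OLE objects live here
                blob = zf.read(name)
                report["embeddings"].append({
                    "part": name,
                    "is_ole2": blob.startswith(OLE2_MAGIC),
                    "archive": find_archive_magic(blob),
                })
    if report["has_vba"] and any(e["archive"] for e in report["embeddings"]):
        report["verdict"] = "suspicious: macros plus archive hidden in OLE object"
    elif report["has_vba"] or report["embeddings"]:
        report["verdict"] = "review: macros or embedded objects present"
    return report


def build_sample_ppam() -> bytes:
    """Constructed test input (not a real sample): a minimal PPAM-shaped zip with a
    VBA project and one OLE object whose payload wraps a ZIP archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/vbaProject.bin", OLE2_MAGIC + b"\x00" * 64)
        zf.writestr("ppt/embeddings/oleObject1.bin",
                    OLE2_MAGIC + b"\x00" * 504 + b"\x01Ole10Native\x00" + b"PK\x03\x04" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_ppam(build_sample_ppam()))
```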
In its report, Seqrite suggests some precautions, such as being careful when downloading files or opening email attachments from sources you didn’t ask for or don’t believe.
“Security software, operating systems, and apps should be updated regularly to protect against known flaws. It’s also important to use strong email filtering and web security tools to find and stop harmful content,” the team said.