A highly prolific hacker group continues to conduct cyber-espionage campaigns aimed at military and diplomatic entities all over the world, according to a new report from Kaspersky Lab.
The group, known as Transparent Tribe, PROJECTM and MYTHIC LEOPARD, has been active since at least 2013 and has previously been linked to cyber-espionage campaigns against the Indian government and military, although recently the Transparent Tribe APT has shifted its focus to entities in Afghanistan.
The researchers said that over the years the threat actor has constantly used certain tools and created new programs for specific campaigns. Typically, the infection chain involves malicious documents containing an embedded macro, which deploys the malware.
In their campaigns the group mainly uses a custom malware known as Crimson RAT, as well as other custom .NET malware and a Python-based RAT known as Peppy.
Over the past year, the hackers considerably upgraded their tools, adding a management console and a USB worming function to the Crimson RAT, and stepped up their activity, starting massive infection campaigns and developing new tools.
The Crimson RAT consists of various components and is able to:
manage remote filesystems
upload or download files
capture screenshots
perform audio surveillance using microphones
record video streams from webcam devices
steal files from removable media
execute arbitrary commands
record keystrokes
steal passwords saved in browsers
spread across systems by infecting removable media
In the latest campaign the researchers observed a ..