The Transparent Tribe threat actor has been linked to a new campaign aimed at Indian government organizations with trojanized versions of a two-factor authentication solution called Kavach.
“This group abuses Google advertisements for the purpose of malvertising to distribute backdoored versions of Kavach multi-authentication (MFA) applications,” Zscaler ThreatLabz researcher Sudeep Singh said in a Thursday analysis.
The cybersecurity company said the advanced persistent threat group has also conducted low-volume credential harvesting attacks in which rogue websites masquerading as official Indian government portals were set up to lure unwitting users into entering their passwords.
Transparent Tribe, also known by the monikers APT36, Operation C-Major, and Mythic Leopard, is a suspected Pakistan adversarial collective that has a history of striking Indian and Afghanistan entities.
