Researchers from Cisco Talos warn that the Pakistan-linked APT group Transparent Tribe expanded its Windows malware arsenal. The group used the new malware dubbed ObliqueRAT in cyberespionage attacks against Indian targets.
The Operation Transparent Tribe (Operation C-Major, APT36, and Mythic Leopard) was first spotted by Proofpoint Researchers in Feb 2016, in a series of cyber espionage operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. At that time, the researchers tracked the sources IP in Pakistan, the attacks were part of a wider operation that relies on multi-vector such as watering hole websites and phishing email campaigns delivering custom RATs dubbed Crimson and Peppy. These RATs are capable of exfiltrate information, take screenshot, and record webcam streams.