A Pakistan-aligned threat group known as APT36 or Transparent Tribe has been observed targeting the Indian education sector. The group is deploying malicious Office documents that distribute Crimson RAT, security researchers say. SentinelOne security researchers published an advisory this week addressing the attacks. The advisory states that Crimson RAT is consistently used by the APT36 hacking group.
The group has been active since 2013, but has recently shifted its focus from military and government personnel to educational institutions. The malware the group deploys, Crimson RAT, can exfiltrate system information, capture screenshots, and carry out other malicious activities. It also employs various obfuscation techniques.