{"id":228262,"date":"2026-01-03T01:14:36","date_gmt":"2026-01-03T07:14:36","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/01\/transparent-tribe-launches-new-rat-attacks-against-indian-government-and-academia"},"modified":"2026-01-03T01:14:36","modified_gmt":"2026-01-03T07:14:36","slug":"transparent-tribe-launches-new-rat-attacks-against-indian-government-and-academia","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/01\/transparent-tribe-launches-new-rat-attacks-against-indian-government-and-academia","title":{"rendered":"Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia"},"content":{"rendered":"<p style=\"padding-right: 20px\"><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/transparent-tribe-launches-new-rat-attacks-against-indian-government-and-academia2.jpg\"><\/a><\/p>\n<p>The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts.<\/p>\n<p>\u201cThe campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF document and embedded with full PDF content to evade user suspicion,\u201d CYFIRMA <a href=\"https:\/\/www.cyfirma.com\/research\/apt36-multi-stage-lnk-malware-campaign-targeting-indian-government-entities\/\" rel=\"noopener\" target=\"_blank\">said<\/a> in a technical report.<\/p>\n<p>Transparent Tribe, also called APT36, is a hacking group that\u2019s known for mounting cyber espionage campaigns against Indian organizations. Assessed to be of Indian origin, the state-sponsored adversary has been active since at least 2013.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts. \u201cThe campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1490],"tags":[],"class_list":["post-228262","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-government"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/228262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=228262"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/228262\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=228262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=228262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=228262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}