Pakistan-backed hackers launch spyware attack on Indian government systems
Transparent Tribe is using advanced spyware called DeskRAT

Nov 07, 2025
02:24 pm

What's the story

India's intelligence agencies have raised an alarm over a major cyber-espionage campaign by a Pakistan-linked hacker group called Transparent Tribe. The group is actively targeting government and military systems with advanced spyware called DeskRAT. Citing top intelligence sources, News18 reported that the hacker group has significantly upgraded its capabilities this year by moving from public cloud-based delivery systems like Google Drive to dedicated private servers.

Strategy shift

Hackers using official-looking emails to infiltrate systems

The hackers are exploiting border tensions in Ladakh to monitor China's military movements by infiltrating critical Indian systems. They use official-looking emails, ZIP archives, and documents mimicking government notices or intelligence briefings to trick officials into installing the malicious software. The attacks are often timed with protests, security alerts, or border incidents when officials are most likely to open attachments perceived as urgent updates.

Malware function

Malware operates stealthily, exfiltrating data over weeks or months

Once installed, DeskRAT—a powerful remote access tool specifically targeting BOSS Linux systems—can silently browse files, copy documents, monitor activity, and exfiltrate sensitive intelligence without triggering alarms. The malware doesn't crash systems but operates stealthily to allow attackers to withdraw operational documents, strategic plans, and credentials over weeks or even months. Intelligence officials say Transparent Tribe's latest attacks are faster, stealthier, and harder to detect than before.

Tech integration

AI being used to automate malware development

The group has reportedly started using artificial intelligence to automate malware development, drastically reducing the time between concept and deployment. This allows them to generate new DeskRAT variants quickly and at scale, giving them a dangerous advantage over traditional cybersecurity defenses. Experts warn that automated detection and response tools will be needed to keep pace with these evolving threats.

Past operations

Transparent Tribe previously linked to phishing attacks

Transparent Tribe has been linked to phishing attacks distributing Crimson RAT malware, often disguised as PowerPoint or PDF briefings related to security issues. They allegedly circulated emotionally charged fake government messages to lure officials into opening infected attachments. The current DeskRAT campaign is one of the most sophisticated and persistent cyber-espionage threats India has faced in recent years.