Proofpoint researchers recently uncovered evidence of an advanced persistent threat (APT) against Indian diplomatic and military resources. What initially appeared to be a relatively small email campaign sent to Indian embassies in Saudi Arabia and Kazakstan now appears connected to watering hole sites targeting Indian military personnel as well as other campaigns designed to drop a remote access Trojan (RAT) we have dubbed "MSIL/Crimson". This RAT has a variety of data exfiltration functions, including screen capture and keylogging.
Further analysis showed that many of the campaigns and attacks appear related by common IOCs, vectors, payloads, and language, although the exact nature and attribution associated with this APT remains under investigation. You can read the complete report here, including full cluster and technical analyses.
While our investigation of this threat is ongoing, this serves as an important reminder that wars are no longer waged solely on the ground or in the air. Rather, threat actors (whether from nation-states or private parties with interests in international conflicts) will use a variety of cyber tools to achieve their goals.
To learn more, download the paper, "Operation Transparent Tribe".