Transparent Tribe APT Targets Indian Entities with Evolving RATs
breach | India | The Hacker News
Friday, January 2, 2026
What
The state-sponsored Transparent Tribe APT group is deploying adaptive Remote Access Trojans against Indian targets via spear-phishing. This matters because their evolving tactics, including anti-AV persistence mechanisms, grant them persistent control and intelligence collection capabilities.
Where
Indian governmental, academic, and strategic entities.
When
Ongoing campaign, active since at least 2013.
Key Factors
- The campaign leverages deceptive LNK files disguised as PDFs, executing HTA scripts to load RAT payloads directly in memory while displaying decoy documents to evade suspicion.
- The malware demonstrates adaptive persistence methods based on detected antivirus solutions, utilizing LNK files, batch scripts, or registry modifications for stealthy, long-term access.
- A new DLL-based RAT ("iinneldc.dll") provides comprehensive remote control and data exfiltration, while C2 communication uses reversed endpoint characters to evade static detection.
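
For defenders triaging samples, the reversed-endpoint point above means a plain forward string search can miss a known indicator. The following is an added example, not code from the article or from any vendor report: a string scanner that checks each printable run against a watchlist both forward and reversed, in ASCII and UTF-16LE (the wide-string handling is an assumption, since the article does not say how the strings are stored). The watchlist entries and the sample bytes are constructed placeholders; the article lists no endpoint strings.

```python
import re

# Constructed watchlist of endpoint fragments; the article lists none.
WATCHLIST = [b"/api/checkin", b"/upload/files", b"/cmd/result"]

ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")           # plain printable runs
WIDE_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")    # UTF-16LE printable runs


def extract_strings(blob):
    """Yield (offset, encoding, text_bytes) for each printable run in blob."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), "ascii", m.group()
    for m in WIDE_RUN.finditer(blob):
        yield m.start(), "utf-16le", m.group()[::2]  # drop the NUL high bytes


def scan(blob, watchlist=WATCHLIST):
    """Return sorted hits for watchlist entries stored forward or reversed."""
    hits = []
    for offset, encoding, text in extract_strings(blob):
        for needle in watchlist:
            if needle in text:
                hits.append((offset, encoding, "forward", needle.decode()))
            elif needle[::-1] in text:
                hits.append((offset, encoding, "reversed", needle.decode()))
    return sorted(hits)


# Constructed sample standing in for a binary's data section.
SAMPLE = (
    b"\x00\x01MZ\x90\x00"
    + b"GET /index.html HTTP/1.1\x00"
    + b"\xff\xfe" + b"/api/checkin"[::-1] + b"\x00\x03"
    + "/cmd/result"[::-1].encode("utf-16-le") + b"\x00\x00"
    + b"benign-string-here\x00"
)

if __name__ == "__main__":
    for offset, encoding, direction, needle in scan(SAMPLE):
        print(f"0x{offset:04x} {encoding:9} {direction:9} {needle}")
```

A "reversed" hit on a string that has no reason to be stored backwards is itself a useful triage signal, independent of which indicator matched.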
Takeaways
- Organizations should implement advanced email filtering, user awareness training on LNK file and HTA script risks, and endpoint detection and response (EDR) solutions.
- Regularly update antivirus definitions and consider multi-layered security defenses that can detect and prevent sophisticated, adaptive persistence techniques.