Pak-linked hacker group targets Indian government, military networks with advanced spyware: Report

NEW DELHI: An Intelligence Agencys report has alerted the Ministry of Home Affairs (MHA) to a major cyber-espionage campaign by Pakistan-linked hacker group Transparent Tribe, which is targeting Indian government and military networks with an advanced spyware called DeskRAT, sources said on Friday. The report warns that the group has upgraded its tactics this year, moving from public cloud platforms like Google Drive to private servers, making detection and blocking more difficult. According to sources, the hackers are believed to be exploiting ongoing border tensions in Ladakh, attempting to intercept intelligence related to Chinas military movements through compromised Indian systems. Agencies said the attackers are using sophisticated phishing emails disguised as government notices, ZIP files and intelligence briefings, often timed with security alerts or border incidents, to trick officials into downloading infected attachments. Once installed, DeskRAT, a remote access tool tailored for BOSS Linux systems widely used in government offices, can secretly monitor, extract and transmit sensitive files without detection. The latest attacks are faster, stealthier and harder to detect, a source said. The report also highlights the hackers use of artificial intelligence and large language models (LLMs) to rapidly develop new malware variants, outpacing traditional cybersecurity defences. Experts have warned that only automated, real-time threat detection can counter such adaptive attacks aimed at long-term espionage of Indias defence and administrative networks. The Transparent Tribe has been previously linked to attacks distributing Crimson RAT malware, often through phishing documents disguised as security briefings. During the April 2025 Pahalgam terror attack, the group allegedly circulated fake government messages to lure officials into opening infected attachments. Following the alert, the MHA has directed all ministries and defence units to step up cyber vigilance and strengthen security protocols, calling the threat a matter of national security.