Find notable cyber news and cases, enriched with sources, timelines, and signals.

Transparent Tribe AI-assisted implant campaign targeting India

Campaign
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

Transparent Tribe (APT36) is using AI-powered coding tools to mass-produce disposable implants in an active campaign targeting the Indian government, its embassies, and other government and private entities across Afghanistan and beyond, increasing the scale and persistence of the operation. The group is pairing that with phishing and PDF lures that deliver LNK files in ZIP/ISO containers and launch PowerShell in memory. It also relies on trusted services such as Slack, Discord, Supabase, and Google Sheets to hide command-and-control traffic. The result is an industrialized operation that floods defenders with many low-cost binaries and makes detection harder.

Related Happenings

SideCopy Operation XENOFISCAL spear-phishing campaign targeting Afghan finance entities

Campaign
H score25 First: 02.06.2026 12:05 Last: 02.06.2026 12:05 Sources 1

About this happening: The **SideCopy**-linked **Operation XENOFISCAL** spear-phishing campaign is targeting **Afghanistan's Ministry of Finance** and related provincial finance offices with **Xeno RAT*...

ModeloRAT malicious PowerShell and Dropbox delivery activity

Malware Activity
H score16 First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **ModeloRAT** activity now uses a **malicious PowerShell command** and a **Dropbox ZIP payload** to gain persistent footholds, enabling **system reconnaissance**, **screenshot...

GopherWhisper China-aligned APT campaign targeting Mongolian government institutions

Campaign
H score30 First: 23.04.2026 12:04 Last: 23.04.2026 12:04 Sources 1

About this happening: The **GopherWhisper** campaign is a **China-aligned APT operation** targeting **Mongolian governmental institutions**, and it now appears to extend beyond a single compromise to *...

Lotus Wiper destructive activity against Venezuelan energy systems

Malware Activity
H score32 First: 22.04.2026 13:55 Last: 22.04.2026 13:55 Sources 1

About this happening: Researchers uncovered **Lotus Wiper**, a **previously undocumented data wiper**, in **destructive attacks** against **Venezuela**. The operation targeted the **energy and utilitie...

LOTUSLITE evolved backdoor activity in India banking-sector targeting

Malware Activity
H score23 First: 22.04.2026 10:58 Last: 22.04.2026 10:58 Sources 1

About this happening: An **evolved LOTUSLITE** backdoor is now being deployed with **remote shell**, **file operations**, **session management**, and **data exfiltration** capabilities, extending an **...

Timeline

  1. 06.03.2026 17:11 2 articles · 4mo ago

    Transparent Tribe AI-assisted implant campaign targeting Indian and Afghan government entities

    Initial Disclosure

    Transparent Tribe (APT36) is using AI-powered coding tools to mass-produce disposable malware implants against the Indian government, its embassies in multiple foreign countries, the Afghan government, and some private businesses, while using LinkedIn to identify high-value targets and relying on phishing-delivered LNK files in ZIP or ISO archives, PDF lures, in-memory PowerShell execution, and post-compromise tooling such as Cobalt Strike and Havoc. The reported malware set includes Warcode, NimShellcodeLoader, CreepDropper, SupaServ, LuminousStealer, CrystalShell, ZigShell, CrystalFile, LuminousCookies, BackupSpy, ZigLoader, and Gate Sentinel Beacon, with trusted services such as Slack, Discord, Supabase, Google Sheets, Firebase, and Google Drive used to blend command-and-control and exfiltration traffic into legitimate network activity.

    Show sources