TransparentTribe Targets Indian Military with DeskRAT Malware

Oct. 24, 2025, 9:21 a.m.

Description

TransparentTribe, a Pakistani-nexus intrusion set, has launched a new cyber espionage campaign targeting Indian military organizations with DeskRAT malware. The infection chain begins with phishing emails containing links to malicious ZIP archives hosted on staging servers. These archives contain DESKTOP files that execute a multi-stage payload, ultimately delivering a Golang-based Remote Access Trojan (RAT) dubbed DeskRAT. The malware establishes command and control communications over WebSocket and implements several persistence techniques specific to Linux environments. The campaign appears to be designed to target BOSS operating systems, which are endorsed by the Indian government. TransparentTribe uses local protests and regional tensions as lures to compromise defense and government entities, consistent with its previous cyber espionage operations supporting Pakistan's strategic objectives in the region.

Date

  • Created: Oct. 23, 2025, 9:49 p.m.
  • Published: Oct. 23, 2025, 9:49 p.m.
  • Modified: Oct. 24, 2025, 9:21 a.m.

Attack Patterns

Additional Information

  • Defense
  • Government
  • British Indian Ocean Territory
  • India