The rapid development of artificial intelligence (AI) is reshaping businesses across many countries, and it is also changing how cyber espionage groups operate.
According to a report, Pakistan-based hackers aligned with the group known as Transparent Tribe (or APT36) are now using AI-assisted programming tools to produce and deliver large numbers of malware implants aimed at high-value targets.
What is new is not that the attacks themselves are more difficult or sophisticated, but that their number has risen sharply. With AI-assisted tooling the group can produce what are described as “low-quality, high-quantity implants”: many cheap variants that overwhelm defenders and improve the odds that at least one gets into the organization.
Turning to Obscure Coding Languages
Recent research from Bitdefender shows that, unlike most malware developers, who stick to mainstream programming languages, Transparent Tribe is experimenting with less common languages such as Nim, Zig, and Crystal. Binaries built in these languages can slip past traditional security tooling, whose detections are often tuned to malware written in the more popular languages.
The research also indicates that the malware communicates with its command-and-control servers and exfiltrates data through reputable third-party cloud services such as Slack, Discord, Supabase, and Google Sheets.
By routing malicious activity through trusted cloud services, the attackers blend into an organization’s normal network traffic, making it much harder for enterprise security teams to spot them.
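As an added, defender-side example (not code from the report or this article): a small Python script that scans constructed proxy log lines for hosts polling the named cloud services at near-constant intervals, one way the “hiding in normal traffic” described above can still be surfaced. The log format, host addresses, domain names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Cloud services the article names as C2 / exfiltration channels (domain forms assumed).
WATCHED = ("slack.com", "discord.com", "supabase.co", "sheets.googleapis.com")

# Constructed proxy log lines (hypothetical format: timestamp src dst user_agent).
# 10.0.0.5 checks in every ~5 minutes with a non-browser client; 10.0.0.7 is a person using Slack.
SAMPLE_LOG = """\
2024-05-01T09:00:00 10.0.0.5 discord.com python-requests/2.31
2024-05-01T09:05:01 10.0.0.5 discord.com python-requests/2.31
2024-05-01T09:10:00 10.0.0.5 discord.com python-requests/2.31
2024-05-01T09:15:02 10.0.0.5 discord.com python-requests/2.31
2024-05-01T09:01:13 10.0.0.7 slack.com Mozilla/5.0
2024-05-01T09:07:48 10.0.0.7 slack.com Mozilla/5.0
2024-05-01T09:31:05 10.0.0.7 slack.com Mozilla/5.0
2024-05-01T10:02:40 10.0.0.7 slack.com Mozilla/5.0
"""
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.+)$")

def parse_log(text):
    """Yield (timestamp, src, dst, user_agent) for requests to a watched service."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(3).endswith(WATCHED):
            ts, src, dst, ua = m.groups()
            yield datetime.fromisoformat(ts), src, dst, ua

def find_beacons(text, min_hits=4, max_cv=0.1):
    """Flag (src, dst) pairs whose inter-request gaps are nearly constant.
    cv = stdev / mean of the gaps: human use of Slack or Discord is bursty
    (high cv); an implant polling on a timer is regular (low cv)."""
    stamps, agents = defaultdict(list), defaultdict(set)
    for ts, src, dst, ua in parse_log(text):
        stamps[(src, dst)].append(ts)
        agents[(src, dst)].add(ua)
    findings = {}
    for key, times in stamps.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0  # identical timestamps: treat as perfectly regular
        if cv <= max_cv:
            findings[key] = {"hits": len(times), "mean_gap_s": round(avg),
                             "cv": round(cv, 3), "user_agents": sorted(agents[key])}
    return findings
```

The user-agent set is kept in each finding because a scripted client talking to a chat or spreadsheet API, rather than a browser or the official desktop app, is a second signal worth triaging.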
Transparent Tribe has been active for more than a decade and is widely regarded as a state-aligned cyber espionage group. First publicly documented in 2016, the group has conducted multiple campaigns targeting government agencies, defense organizations, diplomats, and strategic sectors across South Asia.
Over time, the group has refined its techniques to maintain long-term access to compromised systems. Its attacks often begin with carefully crafted social engineering lures, such as fake government documents, military-themed files, or phishing pages that impersonate legitimate institutions.
Once a victim is tricked into opening a malicious attachment or clicking a fraudulent link, the attackers deploy remote access trojans (RATs) that allow them to control infected systems. Among the tools commonly used by Transparent Tribe are Crimson RAT, AresRAT, GymRAT, and DeskRAT—malware families designed to monitor activity, steal data, and maintain persistent access.
APT36 Expands Targets from Military Systems to India’s Tech Startups
India continues to be the focal point of the group’s activities.
Over the years the group has targeted military personnel, defense contractors, aerospace bodies, and government departments. Recent intelligence, however, suggests it has widened its scope to include the growing number of Indian startups working in cybersecurity, open-source intelligence, and emerging technologies associated with government and law enforcement agencies.
In these newer campaigns, the attackers have used startup-themed documents and business proposals as bait to deliver malware. The shift suggests a strategic attempt to gather intelligence not only from traditional defense sectors but also from innovation-driven technology environments that could influence national security capabilities in the future.
Security experts see the use of AI-assisted coding tools as a sign of an evolutionary shift in how cyber criminals operate. Instead of concentrating effort on a few highly advanced malware samples, they can now produce many disposable programs in a short time: even if most are detected or fail to work, the attacker still obtains valuable information from the ones that succeed.
Staqo: Strengthening Enterprise Defenses in the Age of AI-Driven Threats
Proactive cybersecurity measures are essential for businesses dealing with such dynamic threats. Risk reduction is greatly aided by solutions like threat monitoring, vulnerability assessments, sophisticated malware detection, and incident response frameworks.
By providing features like security audits, managed security services, penetration testing, and advanced threat protection, Staqo Cybersecurity helps businesses improve their security posture.
By combining technology expertise with proactive threat intelligence, Staqo helps businesses build resilient digital infrastructures in an increasingly AI-driven threat landscape, identify new threats early, and respond effectively to cyber incidents.