Last Updated: November 07, 2025, 13:52 IST
India's intelligence agencies have warned of a major cyber-espionage campaign by Pakistan-linked group Transparent Tribe, which is targeting government and military systems.

An AI-generated image representing digital fraud (News18)
India’s intelligence agencies have sounded an alarm over a major cyber-espionage campaign orchestrated by a Pakistan-linked hacker group known as Transparent Tribe, which is actively targeting government and military computers using an advanced spyware called DeskRAT.
According to top intelligence sources, the group has significantly upgraded its capabilities this year, shifting from public cloud-based delivery systems like Google Drive to dedicated private servers, making its operations harder to trace and block.
Officials said the hackers are exploiting border tensions in Ladakh and are attempting to monitor China’s military movements by infiltrating critical Indian systems.
The attackers are using official-looking emails, ZIP archives, and documents that mimic government notices or intelligence briefings to trick officials into installing the malicious software.
The deception is often timed with protests, security alerts, or border incidents, when officials are most likely to open attachments perceived as urgent updates.
DeskRAT is a powerful remote access tool that specifically targets BOSS Linux systems, which are widely deployed across Indian government offices. Once installed, it can silently browse files, copy documents, monitor activity, and exfiltrate sensitive intelligence without triggering alarms.
The malware does not crash systems but instead operates stealthily, allowing the attackers to extract operational documents, strategic plans, and credentials over weeks or even months.
Intelligence officials said Transparent Tribe’s latest attacks are faster, stealthier, and harder to detect than before.
The group has reportedly begun using artificial intelligence and large language models (LLMs) to automate malware development, drastically reducing the time between concept and deployment.
This allows them to generate new DeskRAT variants quickly and at scale, giving them a dangerous advantage over traditional cybersecurity defences.
Experts warn that defenders will need automated detection and response tools to keep pace with these evolving threats.
The goal of the campaign, sources said, is not immediate disruption but long-term espionage, to quietly extract intelligence and compromise communication channels within India’s defence and administrative networks.
Transparent Tribe has previously been linked to phishing attacks that distributed Crimson RAT malware, often disguised as PowerPoint or PDF briefings related to security issues.
Notably, during the April 2025 Pahalgam terror attack, the group is believed to have circulated emotionally charged fake government messages to lure officials into opening infected attachments.
Authorities describe the ongoing DeskRAT campaign as one of the most sophisticated and persistent cyber-espionage threats India has faced in recent years, warning that vigilance, training, and rapid-response cyber defences are critical to protecting national security.
Group Editor, Investigations & Security Affairs, Network18
First Published: November 07, 2025, 13:52 IST