Transparent Tribe (also known as APT36), a Pakistan-linked cyber threat group, has been found targeting the education sector in India, notably with the CrimsonRAT malware.
Transparent Tribe is reported to be distributing education-related malicious documents, purportedly related to student assignments, as attachments to phishing emails. The malicious documents open the door to CrimsonRAT, which uses both Microsoft Office macros and embedded OLE objects to lure victims into downloading malicious content. Disguised as an update process, CrimsonRAT is then executed.
Transparent Tribe has been targeting Indian military and defence personnel since 2013. In 2022, SentinelOne reported that the group had started targeting the Indian educational sector.