APT36
-
Cross platform RAT campaigns target Indian defense and government aligned organisations
Multiple campaigns used Geta RAT, Ares RAT and DeskRAT to compromise Windows and Linux systems at Indian defense and government aligned organizations in late 2025 and early 2026.
-
Pakistan-linked campaigns use new tradecraft to target Indian government in September 2025
Two campaigns codenamed Gopher Strike and Sheet Attack targeted Indian government entities in September 2025 using phishing and legitimate services for command and control. Malware included a Golang downloader, GitHub-based backdoors and a loader for Cobalt Strike.
-
APT36 uses weaponized LNK files to target Indian government entities
A multi-stage fileless campaign attributed to APT36 used oversized .lnk shortcuts embedding PDFs to deliver HTA loaders and in-memory .NET DLLs targeting Indian government systems. The malware adapts persistence to installed antivirus and uses encrypted C2.
-
APT36 uses Golang DeskRAT in spear‑phishing campaign against Indian government targets
Security researchers reported that APT36 (Transparent Tribe) used spear‑phishing to deliver a Golang remote access trojan called DeskRAT against Indian government targets. The campaign targets BOSS Linux and uses multiple persistence methods and WebSocket C2.
-
Transparent Tribe targets Indian government with dual-platform Linux and Windows malware, researchers say
Researchers say Transparent Tribe (APT36) has expanded its assault on Indian government networks with a cross‑platform campaign targeting Windows and Linux‑BOSS systems through spear‑phishing, weaponized desktop shortcuts, and a Go‑based backdoor, complemented by anti‑analysis techniques and 2FA‑focused phishing.
-
Pakistan-based Cyber Espionage Group Targets Indian Defence with New Linux Malware
A recent cyber espionage operation by the Pakistan-based group APT36 is targeting Indian defence personnel using phishing tactics and sophisticated malware designed specifically for Linux environments.






