South Asia
-
Harvester deploys Linux version of GoGra backdoor in South Asia targeting campaign
Harvester has deployed a Linux version of its GoGra backdoor in attacks likely aimed at South Asia, using Microsoft cloud email services as a covert control channel, according to a technical analysis by Symantec and Carbon Black Threat Hunter Team.
-
SideWinder adopts ClickOnce-based infection chain in South Asia espionage campaign
Researchers say the SideWinder group used a new ClickOnce‑based infection chain alongside Word exploits in spear‑phishing waves from March to September 2025 to deliver ModuleInstaller and the StealerBot implant against diplomatic and government targets in South Asia.
-
APT36 uses Golang DeskRAT in spear‑phishing campaign against Indian government targets
Security researchers reported that APT36 (Transparent Tribe) used spear‑phishing to deliver a Golang remote access trojan called DeskRAT against Indian government targets, with the campaign targeting BOSS Linux, using multiple persistence methods and WebSocket C2.
