
Report sheds light on multi-pronged APT36 attacks against India


Indian government and defense organizations have been targeted by Pakistan-linked threat group APT36, also known as Transparent Tribe, in multiple active intrusion campaigns over the previous month, reports GBHackers News.

In addition to phishing emails that spread the GETA RAT malware on Windows systems, APT36 ran a separate campaign that targeted Linux systems with the ARES RAT payload, which enabled automated system profiling, repetitive file enumeration, and structured data theft, according to Aryaka Threat Research Labs researchers. Another APT36 campaign used malicious PowerPoint Add-In files to distribute the Go-based Desk RAT malware, which allowed persistent surveillance.

APT36's expanded cross-platform targeting, weaponization of memory-based tactics, and use of nascent attack vectors should prompt network defenders to increase cross-platform visibility and attention to behavioral signals. Security teams have also been urged to be wary of attackers' persistence on targeted networks, which has been more damaging than accelerated intrusions.
