A Phishing Campaign Targeting Indian Government Entities
Aug. 4, 2025, 9:19 a.m.
Description
A sophisticated phishing campaign, likely attributed to Pakistan-linked APT36 (Transparent Tribe), is targeting Indian defense organizations and government entities using spoofed domains. The attackers employ advanced social engineering techniques, including real-time OTP harvesting, to bypass multi-factor authentication and gain access to official email accounts. The campaign uses typo-squatted domains mimicking government platforms to steal credentials. Infrastructure analysis reveals connections to Pakistani IPs and possible staging via Zah Computers. The threat actors create a false sense of legitimacy by referencing trusted authorities and secure communication flows. This coordinated approach highlights the severity of the threat and the attackers' strategic intent, potentially posing significant risks to national security.
Tags
Date
- Created: Aug. 3, 2025, 4:27 a.m.
- Published: Aug. 3, 2025, 4:27 a.m.
- Modified: Aug. 4, 2025, 9:19 a.m.
Additional Information
- Defense
- Government
- British Indian Ocean Territory
- India
- Pakistan