Advisory: Pahalgam Attack themed decoys used by APT36 to target the Indian Government

Description

A Pakistan-linked APT group, Transparent Tribe (APT36), is targeting Indian Government and Defense personnel using 'Pahalgam Terror Attack' themed documents. The campaign involves credential phishing and deployment of malicious payloads, with fake domains impersonating Jammu & Kashmir Police and Indian Air Force. The phishing PDF documents contain embedded links leading to fake login pages. A PowerPoint add-on file with malicious macros has been identified, which drops the Crimson RAT payload. The campaign exploits sensitive geopolitical issues to maximize impact and extract intelligence. Multiple phishing domains were created shortly after the attack, impersonating various Indian government entities. The potential impact includes disruption of sensitive operations, information manipulation, and data breaches.