Indian Infrastructure Targeted with Desktop Lures and Poseidon Backdoor
Aug. 1, 2025, 1:13 p.m.
Description
APT36, a Pakistan-linked threat group, has expanded its operations to target Indian government and civilian infrastructure, including railways, oil and gas, and the Ministry of External Affairs. The group employs sophisticated phishing techniques and a novel payload strategy: Linux .desktop launcher files disguised as PDF documents, which execute malicious scripts when opened. Two attack variants were identified, one using a single command and control server and the other a redundant command and control setup. The Poseidon backdoor, built on the Mythic framework, is deployed for persistent access and lateral movement. Over 100 phishing domains impersonating Indian government organizations were discovered, primarily hosted by AlexHost. The campaign, active since early July 2025, poses a significant threat to the Indian public sector and critical infrastructure.
Tags
Date
- Created: Aug. 1, 2025, 12:31 p.m.
- Published: Aug. 1, 2025, 12:31 p.m.
- Modified: Aug. 1, 2025, 1:13 p.m.
Indicators
- 8bb7fee18fc1cef3b3697472a6337f4bb432a6a44ebcaf4727e44ffdb4b21e33
- 8441601f4bb59f529ff1130bd308b94d0a0785f660193f6a7a748071913f9045
- 5c3472163ad4c1adcfebe15d1016058a5f020100f872ddcc3e692286abbae405
- 38136d87e9687398f906687ea9886feead2da21ec18c2df96cc210e05619f26f
- 3326ba81b48ab03f7f49d2da70d3bbe4ea0e163d33e7399d528152b7c3da9170
- 7a2f7357ce5ebd03bbf10b856a30706f71eb1586c309aff9169fb5b056791741
- 64.227.189.57
- 37.221.64.202
- 209.38.203.53
- 165.232.114.63
- 165.22.251.224
- 178.128.204.138
- www.mod.gov.in.indiandefence.services
- www.mnscare.live
- www.email.gov.in.modindia.link
- www.email.gov.in.indiandefence.work
- www.email.gov.in.defenceindia.ltd
- indianarmy.nic.in.nominationdrdo.report
- gov.in.nominationdrdo.report
- email.gov.in.defencedept.work
- drdo.gov.in.nominationdrdo.report
- nominationdrdo.report
- dmsupport.live
- dayenter.shop
- 37-221-64-252.cprapid.com
- indianarmy.nic.in.ministryofdefenceindia.org
- indianarmy.nic.in.departmentofdefence.de
- iaf.nic.in.ministryofdefenceindia.org
- email.gov.in.modindia.link
- email.gov.in.ministryofdefenceindia.org
- email.gov.in.indiandefence.work
- email.gov.in.indiadefencedepartment.link
- email.gov.in.departmentofspace.info
- email.gov.in.departmentofdefence.de
- email.gov.in.defenceindia.ltd
- email.gov.in.briefcases.email
Additional Information
- Energy
- Transportation
- Government
- mod.gov.in.modpersonnel.support
- mod.gov.in.indiandefence.services
- mod.gov.in.indiandefence.directory
- mod.gov.in.defencepersonnel.support
- mea.gov.in.indiandefence.services
- accounts.mgovcloud.in.indiagov.support
- accounts.mgovcloud.in.storagecloud.download
- accounts.mgovcloud.in.cloudshare.digital
- jkpolice.gov.in.kashmirattack.exposed
- email.gov.in.indiangov.download
- British Indian Ocean Territory
- India