TURNING AID INTO ATTACK: EXPLOITATION OF PAKISTAN’S YOUTH LAPTOP SCHEME TO TARGET INDIA

March 27, 2025, 9:54 p.m.

Description

A Pakistan-based APT group, assessed with medium confidence as APT36, who created a fake IndiaPost website to target and infect both Windows and Android users.

External References

https://www.cyfirma.com/research/turning-aid-into-attack-exploitation-of-pakistans-youth-laptop-scheme-to-target-india/
https://otx.alienvault.com/pulse/67e5c685c1c1e48f06ee37fe
Tags
python
android
windows
crimson rat
pakistan
india
defense
rust
discord
clickfix
apt36
2025-03-27
html code
india post
bootreceiver
mywire

Date

  • Created: March 27, 2025, 9:43 p.m.
  • Published: March 27, 2025, 9:43 p.m.
  • Modified: March 27, 2025, 9:54 p.m.

Indicators

  • cbf74574278a22f1c38ca922f91548596630fc67bb234834d52557371b9abf5d
  • 287a5f95458301c632d6aa02de26d7fd9b63c6661af331dff1e9b2264d150d23
  • 88.222.245.211
  • email.gov.in.gov-in.mywire.org
  • postindia.site
Download all indicators here!

Attack Patterns

  • APT36
  • T1409
  • T1430
  • T1115
  • T1546
  • T1573
  • T1071
  • T1204
  • T1566
  • T1059