Tag: apt36

8 Attack Reports | 0 Vulnerabilities

Attack reports

APT36 Malware Campaign Using Desktop Entry Files and Google Drive Payload Delivery

Pakistan-linked APT36 (Transparent Tribe) launched a new cyber-espionage campaign targeting Indian government and defense entities. Active in August 2025, the group used phishing ZIP files containing malicious Linux “.desktop” shortcuts that downloaded payloads from Google Drive.
persistence
stealth
apt36
websocket
google drive
2025-08-21
syscall
icon data
ctfuft
linux desktop
stealth server
unix timestamp
Published: August 21, 2025
Downloadable IOCs: 6

Phishing Attack: Deploying Malware on Indian Defense BOSS Linux

APT36, a Pakistan-based threat actor, has launched a sophisticated cyber-espionage campaign targeting the Indian defense sector. The group has adapted its tactics to focus on Linux-based environments, particularly BOSS Linux, used by Indian government agencies. The attack involves phishing emails w…
phishing
transparent tribe
apt36
cyber-espionage
indian defense
2025-08-08
.desktop file
boss linux
elf binary
boss.elf
Published: August 8, 2025
Downloadable IOCs: 8

Illuminating Transparent Tribe

This analysis explores the infrastructure of APT36, also known as Transparent Tribe, using passive DNS and host response history. Starting with indicators from a CyberXTron report on a targeted phishing attack against Indian Government and Defense, the investigation expands through DNS history, IP …
phishing
defense
apt36
passive dns
infrastructure discovery
2025-06-03
indian government
etag pivoting
dns history
Published: June 3, 2025
Downloadable IOCs: 3

Operation Sindoor: Anatomy of a High-Stakes Cyber Siege

Operation Sindoor, a coordinated cyber campaign targeting India's critical sectors, involved state-sponsored APT activity and hacktivist operations. The attack utilized spear phishing, malicious scripts, website defacements, and data leaks. APT36, a Pakistan-aligned threat group, employed advanced …
crimson rat
pakistan
ares rat
ddos
cyber espionage
india
hacktivism
apt36
spear phishing
2025-05-23
operation sindoor
Published: May 23, 2025
Downloadable IOCs: 8

Brief Disruptions, Bold Claims: The Tactical Reality Behind the India-Pakistan Hacktivist Surge

In May 2025, Pakistan-linked hacktivist groups claimed over 100 cyberattacks on Indian government, education, and critical infrastructure websites. However, an investigation reveals most breaches were exaggerated or fake. Alleged data leaks contained primarily public information, website defacement…
phishing
crimson rat
pakistan
ddos
india
cyberattack
data leak
apt36
hacktivist
defacement
2025-05-11
Published: May 11, 2025
Downloadable IOCs: 0

TURNING AID INTO ATTACK: EXPLOITATION OF PAKISTAN’S YOUTH LAPTOP SCHEME TO TARGET INDIA

A Pakistan-based APT group, assessed with medium confidence as APT36, who created a fake IndiaPost website to target and infect both Windows and Android users.
python
android
windows
crimson rat
pakistan
india
defense
rust
discord
clickfix
apt36
2025-03-27
html code
india post
bootreceiver
mywire
Published: March 27, 2025
Downloadable IOCs: 5

Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT

APT36, also known as Transparent Tribe, is a Pakistan-based threat actor targeting Indian government and military entities. Their campaigns utilize ElizaRAT, a Windows Remote Access Tool that has evolved to enhance evasion techniques and C2 communication. Recent campaigns employ cloud services like…
espionage
rat
stealer
transparent tribe
apt36
cloud services
2024-11-04
apolostealer
Published: November 4, 2024
Downloadable IOCs: 23

OSINT Investigation: Hunting Malicious Infrastructure Linked to Transparent Tribe

This investigation tracked infrastructure linked to the APT group Transparent Tribe, identifying 15 malicious hosts on DigitalOcean serving as command-and-control servers for the Mythic exploitation framework. The group employs Linux desktop entry files as an attack vector, targeting individuals in…
linux
india
c2
poseidon
mythic
2024-09-30
apt36
desktop entry
osint
digitalocean
jarm
Published: September 30, 2024
Downloadable IOCs: 19
Click here to see more Attack Reports