Tag: pakistan

15 Attack Reports | 0 Vulnerabilities

Attack reports

Confucius Espionage: From Stealer to Backdoor

The Confucius group, a long-running cyber-espionage actor operating in South Asia, has evolved its tactics from document stealers to Python-based backdoors. Recent campaigns showcase the group's adaptability and growing sophistication, targeting government agencies, military organizations, and crit…
obfuscation
pakistan
south asia
lnk files
python backdoor
cyber-espionage
2025-10-03
anondoor
wooperstealer
Published: October 3, 2025
Downloadable IOCs: 0

APT36: Targets Indian BOSS Linux Systems with Weaponized AutoStart Files

APT36, a Pakistan-based threat actor, is conducting a cyber-espionage campaign against Indian Government entities, targeting BOSS Linux systems with weaponized .desktop files. The group uses spear-phishing emails to deliver malicious payloads, exploiting the Linux environment to maintain persistent…
pakistan
persistence
india
government
spear-phishing
cyber-espionage
elf
boss linux
2025-08-23
.desktop files
Published: August 23, 2025
Downloadable IOCs: 0

'Blue Locker' Analysis: Ransomware Targeting Oil & Gas Sector in Pakistan

A new ransomware strain called 'Blue Locker' is targeting Pakistan's oil and gas sector, particularly affecting Pakistan Petroleum Limited. The National Cyber Emergency Response Team (NCERT) has issued warnings to 39 key ministries and institutions about this severe threat. The ransomware, which sh…
phishing
ransomware
pakistan
encryption
cybersecurity
2025-08-15
oil and gas
ncert
proton
shinra
blue locker
Published: August 15, 2025
Downloadable IOCs: 0

A Phishing Campaign Targeting Indian Government Entities

A sophisticated phishing campaign, likely attributed to Pakistan-linked APT36 (Transparent Tribe), is targeting Indian defense organizations and government entities using spoofed domains. The attackers employ advanced social engineering techniques, including real-time OTP harvesting, to bypass mult…
phishing
typosquatting
pakistan
india
defense
government
credential-harvesting
2025-08-03
kavach
otp
Published: August 3, 2025
Downloadable IOCs: 2

Phishing Campaign Targets Indian Defense Using Credential-Stealing Malware

APT36, a Pakistan-based cyber espionage group, is actively targeting Indian defense personnel through sophisticated phishing campaigns. The group disseminates emails with malicious PDF attachments resembling official government documents. When opened, these PDFs display a blurred background and a b…
phishing
pakistan
cyber espionage
credential theft
pdf
transparent tribe
2025-06-21
indian defense
Published: June 21, 2025
Downloadable IOCs: 0

Operation Sindoor: Anatomy of a High-Stakes Cyber Siege

Operation Sindoor, a coordinated cyber campaign targeting India's critical sectors, involved state-sponsored APT activity and hacktivist operations. The attack utilized spear phishing, malicious scripts, website defacements, and data leaks. APT36, a Pakistan-aligned threat group, employed advanced …
crimson rat
pakistan
ares rat
ddos
cyber espionage
india
hacktivism
apt36
spear phishing
2025-05-23
operation sindoor
Published: May 23, 2025
Downloadable IOCs: 8

Brief Disruptions, Bold Claims: The Tactical Reality Behind the India-Pakistan Hacktivist Surge

In May 2025, Pakistan-linked hacktivist groups claimed over 100 cyberattacks on Indian government, education, and critical infrastructure websites. However, an investigation reveals most breaches were exaggerated or fake. Alleged data leaks contained primarily public information, website defacement…
phishing
crimson rat
pakistan
ddos
india
cyberattack
data leak
apt36
hacktivist
defacement
2025-05-11
Published: May 11, 2025
Downloadable IOCs: 0

TURNING AID INTO ATTACK: EXPLOITATION OF PAKISTAN’S YOUTH LAPTOP SCHEME TO TARGET INDIA

A Pakistan-based APT group, assessed with medium confidence as APT36, who created a fake IndiaPost website to target and infect both Windows and Android users.
python
android
windows
crimson rat
pakistan
india
defense
rust
discord
clickfix
apt36
2025-03-27
html code
india post
bootreceiver
mywire
Published: March 27, 2025
Downloadable IOCs: 5

Attack On Maritime & Defense Manufacturing

The DONOT APT group has launched a campaign targeting Pakistan's manufacturing industry supporting maritime and defense sectors. The attack uses a malicious LNK file disguised as an RTF, which executes PowerShell commands to deliver a lure document and stager malware. The malware establishes persis…
apt
powershell
pakistan
persistence
encryption
defense
lnk file
maritime
2024-11-15
stager
manufacturing
Published: November 15, 2024
Downloadable IOCs: 0

Operation Cobalt Whisper: Threat Actor Targets Multiple Industries Across Hong Kong and Pakistan

A sophisticated cyber espionage campaign dubbed Operation Cobalt Whisper has been uncovered, targeting various industries in Hong Kong and Pakistan. The threat actor focuses on the defense sector, engineering researchers, and key entities in these regions, using tailored lures related to electrotec…
cobalt strike
pakistan
cyber espionage
vbscript
lnk files
2024-10-24
engineering
hong kong
defense sector
Published: October 24, 2024
Downloadable IOCs: 0

Analysis of Golang Payload and Information Theft Campaign

The report details a recent cyber attack campaign attributed to the APT-C-09 (Mozambique) threat group, which has historically targeted Pakistan and surrounding nations. The campaign employed a novel Golang malware payload and Quasar RAT to gather sensitive information. The analysis covers the tech…
malware
apt
espionage
pakistan
exfiltration
golang
2024-07-30
quasar
client.exe
winver.exe
Published: July 30, 2024
Downloadable IOCs: 8

Umbrella of Pakistani Threats: Converging Tactics of Cyber-operations Targeting India

This report examines the convergence of tactics employed by Pakistani cyber threat groups, including Transparent Tribe, SideCopy, and RusticWeb, targeting Indian government entities and critical infrastructure. It uncovers overlaps in their infrastructure, tactics, and payloads, suggesting coordina…
apt
espionage
crimson rat
pakistan
action rat
reverse rat
india
disgomoji
2024-07-29
poseidon
geta rat
Published: July 29, 2024
Downloadable IOCs: 89

CapraTube Remix | Android Spyware Targeting Gamers, Weapons Enthusiasts

SentinelLabs has uncovered a new campaign of Android spyware apps associated with the suspected Pakistan state-aligned Transparent Tribe threat group. The malicious apps, disguised as video browsers, gaming sites, and TikTok content, target mobile gamers, weapons enthusiasts, and individuals intere…
social engineering
android
pakistan
spyware
2024-07-01
caprarat
Published: July 1, 2024
Downloadable IOCs: 6

Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale

Resecurity has identified a new activity of a cybercrime group known as Smishing Triad, which has expanded its operations to Pakistan. The group is employing tactics involving sending malicious messages impersonating Pakistan Post to customers of mobile carriers via iMessage and SMS, with the goal …
impersonation
pakistan
fraud
2024-06-12
smishing
Published: June 12, 2024
Downloadable IOCs: 14

New Pakistan-based Cyber Espionage Group’s Year-Long Campaign Targeting Indian Defense Forces with Android Malware

CYFIRMA researchers identified an Android malware campaign, active for over a year, targeting Indian defense personnel by an unidentified Pakistan-based cyber espionage group. The threat actor utilized Spynote or a modified version called Craxs Rat, obfuscating the app with high complexity. Through…
malware
espionage
android
pakistan
2024-05-03
2024-05-04
2024-05-05
2024-05-06
india
spynote
defense
craxs rat
Published: May 6, 2024
Downloadable IOCs: 3
Click here to see more Attack Reports