APT36 Targets India with Pahalgam Attack-Themed Phishing

A recent report from Seqrite Labs has uncovered a coordinated phishing campaign by the Pakistan-linked threat actor APT36, targeting Indian government and defense personnel using lures related to the Pahalgam terror attack. The operation employs malicious documents to deploy the Crimson RAT and harvest sensitive credentials. This sophisticated campaign highlights APT36’s rapid operational tempo and specialized social engineering tactics.

Key points:

  • APT36 (Transparent Tribe) launched a phishing campaign targeting Indian government officials after the Pahalgam terror attack.
  • Phishing documents with titles related to the attack lead to fake login pages mimicking legitimate government sites.
  • The campaign uses malicious PowerPoint files to deploy the Crimson RAT, which is disguised as an image file.
  • Crimson RAT has multiple command-and-control capabilities, including screenshot capture and remote command execution.
  • Phishing domains were created shortly after the attack, featuring impersonated subdomains linked to various Indian defense departments.
  • Seqrite attributes the campaign to APT36 based on the group's historical tactics: espionage and credential harvesting aimed at national-security targets.
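
The summary notes that the Crimson RAT payload is disguised as an image file. The following is an added example (not code from the Seqrite report) of a defender-side check that compares a file's claimed image extension against its leading bytes; it assumes the payload is a Windows PE (the report does not state the format) and the sample file contents are constructed, not real samples.

```python
# Added example: flag files whose extension claims an image but whose
# leading bytes identify an executable, the disguise described above.
import os
from typing import Dict, List, Optional, Tuple

IMAGE_MAGICS = {
    b"\xff\xd8\xff": "JPEG",
    b"\x89PNG\r\n\x1a\n": "PNG",
    b"GIF87a": "GIF",
    b"GIF89a": "GIF",
    b"BM": "BMP",
}
EXEC_MAGICS = {
    b"MZ": "PE/DOS executable",   # Windows PE (assumed RAT format)
    b"\x7fELF": "ELF executable",
}
IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".bmp"}


def sniff(data: bytes) -> Optional[Tuple[str, str]]:
    """Return ('exec'|'image', type name) from the leading bytes, or None."""
    for magic, name in EXEC_MAGICS.items():
        if data.startswith(magic):
            return ("exec", name)
    for magic, name in IMAGE_MAGICS.items():
        if data.startswith(magic):
            return ("image", name)
    return None


def check_file(name: str, data: bytes) -> str:
    """Classify a file by extension vs. content: 'ok', 'disguised-executable',
    'unknown-content' (image extension, unrecognised bytes) or 'not-image-extension'."""
    ext = os.path.splitext(name)[1].lower()
    if ext not in IMAGE_EXTENSIONS:
        return "not-image-extension"
    kind = sniff(data)
    if kind is None:
        return "unknown-content"
    return "ok" if kind[0] == "image" else "disguised-executable"


def scan(files: Dict[str, bytes]) -> List[str]:
    """Return names of files whose content does not match their image extension."""
    return [n for n, d in files.items()
            if check_file(n, d) in ("disguised-executable", "unknown-content")]


SAMPLE_FILES = {  # constructed contents, not real samples from the campaign
    "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "report.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
    "attachment.jpg": b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00",
    "slides.pptx": b"PK\x03\x04",
}

if __name__ == "__main__":
    for n, d in SAMPLE_FILES.items():
        print(n, check_file(n, d))
```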

Read More: https://securityonline.info/apt36-targets-india-with-pahalgam-attack-themed-phishing/