APT36, also known as Transparent Tribe, has shifted its focus to exploiting Linux-based systems, especially targeting Indian government agencies using BOSS Linux. This campaign involves sophisticated phishing tactics and malware to conduct espionage, posing a serious threat to critical infrastructure. #APT36 #BOSSLinux
Key points
- APT36 has evolved to target Linux systems, expanding its cyber-espionage capabilities.
- The campaign uses phishing emails with disguised ZIP archives containing malicious files.
- Malware deployment includes a stealthy ELF binary that conducts reconnaissance and exfiltration.
- The malware maintains persistence and evades detection by using specific techniques and tools.
- Organizations in the public sector using Linux systems are advised to prioritize this threat.
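The key points above describe two concrete, checkable artifacts: a ZIP attachment arriving by phishing email, and an ELF binary inside it that is disguised to look like a document. The following is an added example (not code from the page or from any vendor report on this campaign) showing how a mail gateway or attachment sandbox can flag that combination before the archive reaches a user. It relies on one hard fact, that every ELF file begins with the four bytes `7f 45 4c 46`, and on a constructed sample archive; the member names, the "document-like" extension list and the `scan_attachment` entry point are assumptions for illustration.

```python
import io
import zipfile

# Every ELF file (executable, shared object, core dump) starts with these four bytes.
ELF_MAGIC = b"\x7fELF"

# Extensions a recipient would read as "a document", used to detect an ELF
# payload hiding behind a document-looking name (assumed list, not from the page).
DOCUMENT_EXTENSIONS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".odt")


def find_elf_members(zip_bytes: bytes) -> list[str]:
    """Return the names of archive members whose content starts with the ELF magic.

    Only the first four bytes of each member are decompressed, so the check is
    cheap even for large archives.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(len(ELF_MAGIC))
            if head == ELF_MAGIC:
                hits.append(info.filename)
    return hits


def is_disguised(name: str) -> bool:
    """True if the member name ends in an extension a reader would take for a document."""
    return name.lower().endswith(DOCUMENT_EXTENSIONS)


def scan_attachment(filename: str, data: bytes) -> list[str]:
    """Produce human-readable findings for one email attachment.

    Non-ZIP input (or a corrupt archive) yields no findings rather than an
    exception, so the caller can run this over every attachment unconditionally.
    """
    findings = []
    try:
        elf_members = find_elf_members(data)
    except zipfile.BadZipFile:
        return findings
    for member in elf_members:
        if is_disguised(member):
            findings.append(
                f"{filename}: member '{member}' is an ELF binary disguised as a document"
            )
        else:
            findings.append(f"{filename}: member '{member}' is an ELF binary")
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample for demonstration: a harmless note plus a stub that
    carries only the ELF magic and a few header bytes (it is not a runnable
    program), named to look like a government circular."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("notes.txt", "Agenda for Monday's review meeting")
        stub_elf = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 57  # 64-byte header-sized stub
        zf.writestr("Circular_2024.pdf", stub_elf)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_archive()
    for line in scan_attachment("Circular_2024.zip", sample):
        print(line)
```

The check deliberately looks at content rather than file names: renaming an ELF to `.pdf` defeats extension filtering but not the magic-byte test. A production deployment would also recurse into nested archives and apply the same test to files dropped on disk, but the core signal, an ELF where a document was expected, is what this block demonstrates.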