A Pakistani threat actor, Transparent Tribe, is targeting Indian government entities with spear-phishing campaigns delivering DeskRAT, a Golang-based malware. The operation includes sophisticated persistence methods and cross-platform variants for Linux and Windows systems. #TransparentTribe #DeskRAT
Keypoints
- Transparent Tribe uses spear-phishing emails with ZIP files or cloud-based links to deploy DeskRAT malware.
- The malware targets BOSS Linux systems and Windows endpoints, supporting various persistence techniques.
- DeskRAT's command set includes functions like ping, heartbeat, browsing files, and exfiltrating data.
- Threat actors have transitioned from using legitimate cloud storage to dedicated staging servers for malware delivery.
- Recent campaigns indicate a high delivery rate with multiple malware variants and ongoing espionage activities across South and Southeast Asia.
Read More: https://thehackernews.com/2025/10/apt36-targets-indian-government-with.html