CYFIRMA's report describes a phishing campaign by APT36 targeting Indian defense personnel with a multi-stage malware chain. The operation uses anti-debugging checks, environment variable manipulation, and encrypted C2 communication. #APT36 #CYFIRMA
Key points
- The campaign starts with a spear-phishing email carrying a malicious PDF attachment.
- The malware uses anti-analysis techniques, such as anti-debugging checks and virtual-machine detection, to avoid running under analysis.
- It drops disguised executables to evade detection and to maintain persistence on compromised systems.
- The malware exfiltrates sensitive data, including credentials, browser cookies, and clipboard contents.
- C2 traffic is encrypted, carried over HTTP(S), and fronted by CDN infrastructure, which hides the real C2 hosts and blends the traffic in with legitimate web requests.
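The anti-debugging and VM-detection checks listed above are the artifacts an analysis sandbox has to hide before a sample like this will run. The following is an added example, not code from the CYFIRMA report or the APT36 sample: it reimplements the kind of heuristics such loaders commonly use (hypervisor MAC OUIs, BIOS vendor strings, low CPU/RAM, analyst tool process names, analyst-style usernames, attached debugger) from the defender's side, so an analyst can run it inside a sandbox and see which checks fire. The exact checks the real sample performs are not given on the page; every threshold, string and the `HostSnapshot` type are assumptions, and the two sample snapshots are constructed.

```python
"""Generic anti-analysis heuristics of the kind the report attributes to the
APT36 loader, written as a sandbox self-check.  Added illustration; the
thresholds, string lists and HostSnapshot type are assumptions, not values
recovered from the sample."""
from __future__ import annotations
from dataclasses import dataclass
import os
import sys
import uuid

# MAC OUIs that hypervisors assign to virtual NICs (widely documented).
VM_MAC_OUIS = {
    "00:05:69": "VMware", "00:0c:29": "VMware", "00:1c:14": "VMware",
    "00:50:56": "VMware", "08:00:27": "VirtualBox", "52:54:00": "QEMU/KVM",
    "00:15:5d": "Hyper-V",
}
VM_VENDOR_STRINGS = ("vmware", "virtualbox", "vbox", "innotek", "qemu", "kvm",
                     "hyper-v", "xen", "parallels")
ANALYST_PROCESSES = ("x64dbg.exe", "x32dbg.exe", "ollydbg.exe", "windbg.exe",
                     "ida64.exe", "wireshark.exe", "procmon.exe", "procexp.exe",
                     "fiddler.exe")
SUSPICIOUS_USERNAMES = ("sandbox", "malware", "virus", "analyst", "test")


@dataclass
class HostSnapshot:
    """Assumed structure: the host facts the heuristics below key on."""
    debugger_attached: bool
    cpu_count: int
    ram_mb: int
    mac_addresses: list[str]
    bios_vendor: str
    username: str
    running_processes: list[str]


def anti_debug_checks(snap: HostSnapshot) -> list[str]:
    """Return the debugger/analysis-tool indicators that fire."""
    hits = []
    if snap.debugger_attached:
        hits.append("debugger attached")
    for proc in snap.running_processes:
        if proc.lower() in ANALYST_PROCESSES:
            hits.append(f"analysis tool running: {proc}")
    return hits


def anti_vm_checks(snap: HostSnapshot) -> list[str]:
    """Return the virtual-machine/sandbox indicators that fire."""
    hits = []
    for mac in snap.mac_addresses:
        oui = mac.lower()[:8]
        if oui in VM_MAC_OUIS:
            hits.append(f"NIC OUI {oui} belongs to {VM_MAC_OUIS[oui]}")
    vendor = snap.bios_vendor.lower()
    if any(s in vendor for s in VM_VENDOR_STRINGS):
        hits.append(f"hypervisor BIOS vendor: {snap.bios_vendor}")
    if snap.cpu_count < 2:            # assumed threshold
        hits.append(f"only {snap.cpu_count} CPU")
    if snap.ram_mb < 2048:            # assumed threshold
        hits.append(f"only {snap.ram_mb} MB RAM")
    if snap.username.lower() in SUSPICIOUS_USERNAMES:
        hits.append(f"analyst-style username: {snap.username}")
    return hits


def evaluate(snap: HostSnapshot) -> dict:
    """Run both check families; a real loader would exit if anything fires."""
    debug, vm = anti_debug_checks(snap), anti_vm_checks(snap)
    return {"debug": debug, "vm": vm, "would_bail_out": bool(debug or vm)}


def live_snapshot() -> HostSnapshot:
    """Best-effort snapshot of the current host.  sys.gettrace() only sees a
    Python-level tracer; native loaders use IsDebuggerPresent and friends.
    Process enumeration is OS-specific and left empty here."""
    node = uuid.getnode()
    mac = ":".join(f"{(node >> shift) & 0xff:02x}" for shift in range(40, -1, -8))
    try:
        ram_mb = os.sysconf("SC_PAGE_SIZE") * os.sysconf("SC_PHYS_PAGES") // 2**20
    except (AttributeError, ValueError, OSError):
        ram_mb = 4096  # unknown on this platform; assume an unsuspicious value
    try:
        with open("/sys/class/dmi/id/sys_vendor") as fh:
            bios_vendor = fh.read().strip()
    except OSError:
        bios_vendor = ""
    return HostSnapshot(
        debugger_attached=sys.gettrace() is not None,
        cpu_count=os.cpu_count() or 1, ram_mb=ram_mb, mac_addresses=[mac],
        bios_vendor=bios_vendor,
        username=os.environ.get("USERNAME") or os.environ.get("USER") or "",
        running_processes=[])


# Constructed sample snapshots (not real telemetry): a stock VirtualBox sandbox
# and an ordinary physical workstation.
SANDBOX_VM = HostSnapshot(False, 1, 1024, ["08:00:27:3a:4b:5c"], "innotek GmbH",
                          "sandbox", ["explorer.exe", "procmon.exe"])
BARE_METAL_USER = HostSnapshot(False, 8, 16384, ["3c:7c:3f:aa:bb:cc"], "Dell Inc.",
                               "rkumar", ["explorer.exe", "outlook.exe"])

if __name__ == "__main__":
    for name, snap in (("sandbox", SANDBOX_VM), ("workstation", BARE_METAL_USER),
                       ("this host", live_snapshot())):
        print(name, evaluate(snap))
```

Running the script inside an analysis VM lists exactly which artifacts a loader of this kind would key on; each one that fires (a VirtualBox OUI, an `innotek` BIOS string, a single vCPU, a username like `sandbox`) is something to change in the sandbox image before detonating the sample.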