Summary: On April 24, 2025, the Pakistan-based APT36 group launched a phishing campaign against Indian government and defense personnel, using a fabricated report on a "Pahalgam Terror Attack" as the lure to deploy the CrimsonRAT malware. The attackers combined social engineering with lookalike domains to make the campaign more credible, and the resulting infections enabled exfiltration of sensitive data. The incident is a reminder that geopolitical tensions are readily exploited as lures for cyber espionage.
Affected: Indian government and defense personnel
Key points:
- Phishing campaign centered around a fake terror attack report designed to lure Indian officials.
- The malicious attachment uses the .ppam format (a macro-enabled PowerPoint add-in), which is rarely seen in normal mail flow and therefore less likely to be blocked by extension-based filters; the macro-enabled file delivers CrimsonRAT.
- Techniques observed include lookalike (spoofed) domains, decoy content shown after execution to distract the victim, and command-and-control infrastructure that changes dynamically.
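Because the lure relies on an uncommon extension, a mail or endpoint filter that keys only on ".pptm"/".docm" misses it. The check below is an added example (not code from the original report or from any vendor's product) that classifies an Office Open XML attachment by the content types declared inside the zip container rather than by its filename, flagging macro-enabled PowerPoint add-ins and any VBA project hidden behind a "macro-free" extension. The sample files are constructed in memory as minimal stand-ins; they are not the actual APT36 lure.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Official OOXML content types (ECMA-376 / MS-OE376); these strings are real.
PPAM_ADDIN_CT = "application/vnd.ms-powerpoint.addin.macroEnabled.main+xml"
PPTX_CT = "application/vnd.openxmlformats-officedocument.presentationml.presentation.main+xml"
VBA_CT = "application/vnd.ms-office.vbaProject"
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"


def build_sample(main_ct: str, with_vba: bool) -> bytes:
    """Constructed test fixture: a minimal OOXML zip with the given main part
    content type and, optionally, a (placeholder) VBA project part."""
    overrides = [f'<Override PartName="/ppt/presentation.xml" ContentType="{main_ct}"/>']
    if with_vba:
        overrides.append(f'<Override PartName="/ppt/vbaProject.bin" ContentType="{VBA_CT}"/>')
    ct_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Types xmlns="{CT_NS}">'
        '<Default Extension="xml" ContentType="application/xml"/>'
        + "".join(overrides)
        + "</Types>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", ct_xml)
        z.writestr("ppt/presentation.xml", "<presentation/>")
        if with_vba:
            # Placeholder bytes with the OLE2 magic; a real vbaProject.bin is a CFB container.
            z.writestr("ppt/vbaProject.bin", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8)
    return buf.getvalue()


def inspect_ooxml(data: bytes) -> dict:
    """Classify an OOXML blob by its declared content types, ignoring the filename."""
    result = {"is_ooxml": False, "main_content_type": None,
              "has_vba": False, "macro_enabled_addin": False}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        if "[Content_Types].xml" not in names:
            return result
        result["is_ooxml"] = True
        root = ET.fromstring(z.read("[Content_Types].xml"))
        for el in root.iter(f"{{{CT_NS}}}Override"):
            ct = el.get("ContentType", "")
            if ct.endswith(".main+xml"):
                result["main_content_type"] = ct
            if ct == VBA_CT:
                result["has_vba"] = True
        # The VBA part may be covered by a <Default Extension="bin"> entry
        # instead of an Override, so also look for the part itself.
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            result["has_vba"] = True
        result["macro_enabled_addin"] = result["main_content_type"] == PPAM_ADDIN_CT
    return result


def should_quarantine(filename: str, data: bytes) -> tuple:
    """Hypothetical policy: block macro-enabled PowerPoint add-ins outright, and
    block any file whose extension claims to be macro-free but carries a VBA project."""
    info = inspect_ooxml(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if info["macro_enabled_addin"]:
        return True, "macro-enabled PowerPoint add-in (ppam) content type"
    if info["has_vba"] and ext in {"pptx", "ppsx", "potx", "docx", "xlsx"}:
        return True, f"VBA project inside a file claiming to be .{ext}"
    if info["has_vba"]:
        return True, "VBA project present"
    return False, "no macro content detected"


if __name__ == "__main__":
    for name, blob in [("report.ppam", build_sample(PPAM_ADDIN_CT, True)),
                       ("report.pptx", build_sample(PPTX_CT, False)),
                       ("report.pptx", build_sample(PPTX_CT, True))]:
        print(name, should_quarantine(name, blob))
```

The point of inspecting `[Content_Types].xml` is that renaming the lure to `.pptx` or `.zip` does not change the declared part types, so the verdict holds regardless of how the sender labelled the attachment. Pair this with a mail-gateway rule that treats `.ppam`/`.ppa` as high-risk by default, since legitimate users almost never exchange PowerPoint add-ins by e-mail.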