Transparent Tribe, also known as APT36, has been targeting Indian government systems using sophisticated spear-phishing attacks and weaponized desktop shortcut files on Windows and BOSS Linux environments. The group continues to demonstrate its advanced tactics by deploying custom malware such as Poseidon backdoor to maintain persistent access and exfiltrate sensitive information. #APT36 #PoseidonBackdoor
Key points
- Transparent Tribe targets Indian government entities through spear-phishing emails with malicious desktop files.
- The malware chain includes shell scripts, hex-encoded payloads, and command-and-control servers for remote management.
- The group uses techniques like anti-debugging, sandbox evasion, and persistence methods such as cron jobs.
- Attacks focus on stealing credentials and two-factor authentication codes, particularly those of the Kavach 2FA system.
- Operatives are believed to be of Pakistani origin and use infrastructure hosted on Pakistan-based servers, aligning with their established TTPs.
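The key points above describe a delivery chain built on malicious `.desktop` shortcut files whose Exec entry launches a shell script, decodes a hex-encoded payload, and installs a cron job for persistence. The following triage script is an added example written for this summary, not code from the article or from the researchers it cites: it parses `.desktop` files and flags Exec lines that match a small set of constructed heuristics (shell interpreter with `-c`, hex or base64 decoding utilities, crontab or autostart references, a hidden terminal, and a document-like name on an Application entry). The heuristics and the two sample shortcut files are assumptions built for illustration, not indicators taken from the campaign.

```python
import re
from pathlib import Path
from typing import Dict, List

# Constructed heuristics (assumption): patterns a defender might expect in a
# shortcut that drops and runs a script rather than opening a document.
SHELL_INTERPRETER = re.compile(r'\b(?:bash|sh|dash|zsh)\b\s+-c')
DECODE_TOOL = re.compile(r'xxd\s+-r|printf\s+["\']\\x|base64\s+(?:-d|--decode)')
PERSISTENCE = re.compile(r'\bcrontab\b|/etc/cron|\.config/autostart')
DOCUMENT_EXT = re.compile(r'\.(?:pdf|docx?|xlsx?|pptx?)$', re.IGNORECASE)


def parse_desktop(text: str) -> Dict[str, str]:
    """Return the key=value pairs of the [Desktop Entry] section only."""
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('[') and line.endswith(']'):
            in_section = line == '[Desktop Entry]'
            continue
        if in_section and '=' in line and not line.startswith('#'):
            key, value = line.split('=', 1)
            entries[key.strip()] = value.strip()
    return entries


def triage_desktop_entry(text: str) -> List[str]:
    """Return the list of heuristic findings for one .desktop file body."""
    entry = parse_desktop(text)
    exec_line = entry.get('Exec', '')
    findings: List[str] = []
    if SHELL_INTERPRETER.search(exec_line):
        findings.append('exec-shell')
    if DECODE_TOOL.search(exec_line):
        findings.append('exec-decode')
    if PERSISTENCE.search(exec_line):
        findings.append('exec-persistence')
    # A shell launched with Terminal=false gives the user no visible window.
    if 'exec-shell' in findings and entry.get('Terminal', '').lower() == 'false':
        findings.append('hidden-terminal')
    # An Application entry named like a document is a common lure shape.
    if entry.get('Type') == 'Application' and DOCUMENT_EXT.search(entry.get('Name', '')):
        findings.append('document-lure-name')
    return findings


def triage_directory(directory: str) -> Dict[str, List[str]]:
    """Run the triage over every .desktop file below a directory."""
    results: Dict[str, List[str]] = {}
    for path in Path(directory).rglob('*.desktop'):
        found = triage_desktop_entry(path.read_text(errors='replace'))
        if found:
            results[str(path)] = found
    return results


# Constructed sample inputs (not artefacts from the campaign).
BENIGN_SHORTCUT = """[Desktop Entry]
Type=Application
Name=Text Editor
Exec=gedit %U
Terminal=false
"""

SUSPICIOUS_SHORTCUT = """[Desktop Entry]
Type=Application
Name=Report.pdf
Icon=application-pdf
Exec=bash -c "echo 4142 | xxd -r -p > /tmp/.x; chmod +x /tmp/.x; (crontab -l; echo '@reboot /tmp/.x') | crontab -; /tmp/.x"
Terminal=false
"""

if __name__ == '__main__':
    print('benign:', triage_desktop_entry(BENIGN_SHORTCUT))
    print('suspicious:', triage_desktop_entry(SUSPICIOUS_SHORTCUT))
```

Run `triage_directory` over a user's `~/Desktop` and `~/Downloads` (or over an extracted mail attachment directory) to produce a list of shortcuts worth a closer look; the findings are triage hints rather than a verdict, since legitimate shortcuts occasionally wrap a shell command, so the Exec line of anything flagged should be reviewed by hand.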
Read More: https://thehackernews.com/2025/08/transparent-tribe-targets-indian-govt.html