APT36: Multi-Stage LNK Malware Campaign Targeting Indian Government Entities
#APT36
https://www.cyfirma.com/research/apt36-multi-stage-lnk-malware-campaign-targeting-indian-government-entities/
Assisi [ca. 1920]
1 print (poster) : lithograph, color ; 98 x 67 cm. | Poster showing Assisi and the countryside as if from a window in a tower.
#Assisi #Italy #Umbria #Italian #ASSISI #APT36 #Umbrian #travelposters #lithographs #italian #assisi(italy) #color #photopgraphy #LibraryOfCongress
🛡️ APT36 DeskRAT Malware Campaign Against Indian Government
Pakistan-linked APT36 is targeting Indian government systems via Golang-based DeskRAT malware, delivered through spear-phishing emails and malicious ZIP/Desktop attachments. Linux BOSS and Windows systems are compromised, enabling remote access and exfiltration.
💬 How should public sector entities defend against state-sponsored malware campaigns? Share your insights below.
Follow TechNadu for verified cybersecurity news and threat intelligence updates.
#CyberSecurity #APT36 #DeskRAT #Malware #StateSponsoredAttack #InfoSec #ThreatIntel #India #TechNadu #GolangMalware
📢 TransparentTribe (APT36) deploys a new Golang RAT, DeskRAT, targeting BOSS Linux via booby-trapped .desktop files
📝 According to SEKOIA (blog.sekoia.io), TransparentTribe (APT36), an ac...
📖 cyberveille : https://cyberveille.ch/posts/2025-10-23-transparenttribe-apt36-deploie-un-nouveau-rat-golang-deskrat-ciblant-boss-linux-via-fichiers-desktop-pieges/
🌐 source : https://blog.sekoia.io/transparenttribe-targets-indian-military-organisations-with-deskrat/
#APT36 #BOSS_Linux #Cyberveille
Discover how #TransparentTribe (#APT36) uses a disguised DESKTOP dropper to deploy #DeskRAT, a Golang RAT, on BOSS Linux endpoints in India.
Our Sekoia #TDR report breaks down the full infection chain and stealthy WebSocket C2 communications.
Read more 👉 https://blog.sekoia.io/transparenttribe-targets-indian-military-organisations-with-deskrat/
📢 StealthServer: a cross-platform Go backdoor attributed to APT36 targets Windows and Linux
📝 According to a technical blog post by QiAnXin's XLab (reference provided), researchers have identified StealthServer, a sophisticated backdoor targeting ...
📖 cyberveille : https://cyberveille.ch/posts/2025-10-16-stealthserver-un-backdoor-go-multiplateforme-attribue-a-apt36-cible-windows-et-linux/
🌐 source : https://blog.xlab.qianxin.com/apt-stealthserver-en/
#APT36 #IOC #Cyberveille
📢 APT36 targets India: phishing via .desktop files on Linux to deploy MeshAgent
📝 According to Nextron Systems, a sophisticated campaign attributed to APT36, reminiscent of the tactics of Operation Sindoor, is targeting organisa...
📖 cyberveille : https://cyberveille.ch/posts/2025-08-31-apt36-cible-linde-phishing-via-fichiers-desktop-sur-linux-pour-deployer-meshagent/
🌐 source : https://www.nextron-systems.com/2025/08/29/sindoor-dropper-new-phishing-campaign/
#APT36 #IOC #Cyberveille
In the lead-up to #APNIC60, where Chief Technical Officer Leslie Daigle will give a keynote address, we’re publishing a series of articles that address regionally meaningful threats beyond the well-documented Chinese-origin attacks. Each case offers a different lens on the threat landscape—ranging from geopolitical motivations to financial disruption and targeted espionage. Our goal is to provide context, elevate regional perspectives, and set the stage for deeper discussion during the keynote.
This is the first in that series, covering #APT36, a believed Pakistani state-aligned group that systematically exploits Internet service provider networks to launch cyber operations against Indian targets.
Between April and August 2025, AIDE captured 116,374 incidents on Indian sensors across 75 Autonomous System Numbers (ASNs) based in Pakistan.
The findings show how APT36 abused ISP infrastructure, deployed multi-architecture malware, and exploited routing security gaps at scale.
Read all about what we found, and stay tuned for the next installment.
https://globalcyberalliance.org/aide-data-apt36/
#threatintelligence #threatintel #cybersecurity #AIDE #research #malware #routingsecurity
🚨 New campaign alert! Pakistani APT36 hackers exploit Linux .desktop files to deliver malware via phishing ZIPs disguised as PDFs. Targets include Indian government & defense sectors. Stealthy persistence with Go-based ELF malware & WebSocket comms for espionage. Stay vigilant! 🔐🖥️
Read more 👉 https://www.bleepingcomputer.com/news/security/apt36-hackers-abuse-linux-desktop-files-to-install-malware/
#CyberSecurity #Linux #APT36 #Malware #Infosec #Phishing #Espionage #LinuxSecurity #newz
📌 Transparent Tribe (APT36) has leveled up.
Their phishing campaigns now use malicious Linux & Windows desktop shortcuts to break into Indian government systems.
➡️ Fake PDF → Malware → Persistence → Data theft.
👀 Do you think orgs are ready for attacks that adapt across platforms?
💬 Share in the comments & follow @technadu for more cyber insights.
#TransparentTribe #APT36 #Linux #BOSS #CyberEspionage #Phishing #IndianGovt
Pakistan-linked #APT36 abuses Linux .desktop files to drop custom malware in new campaign
https://securityaffairs.com/181513/apt/pakistan-linked-apt36-abuses-linux-desktop-files-to-drop-custom-malware-in-new-campaign.html
#securityaffairs #hacking #malware
📢 APT36 abuses Linux .desktop files to load malware against Indian targets
📝 According to BleepingComputer, the Pakistani espionage group APT36 is carrying out ne...
📖 cyberveille : https://cyberveille.ch/posts/2025-08-24-apt36-exploite-des-fichiers-desktop-linux-pour-charger-des-malwares-contre-des-cibles-indiennes/
🌐 source : https://www.bleepingcomputer.com/news/security/apt36-hackers-abuse-linux-desktop-files-to-install-malware/
#_desktop #APT36 #Cyberveille
🚨 APT36 Linux Malware Campaign
APT36 (Transparent Tribe) is abusing .desktop files in phishing campaigns against 🇮🇳 gov & defense.
📌 Techniques: disguised PDFs, Go-based ELF payloads, cron/systemd persistence, decoy Firefox docs.
Reports: Cyfirma & CloudSEK.
#APT36 #LinuxSecurity #CyberEspionage #Infosec
APT36 is upping its game—using Linux .desktop files disguised as PDFs to drop malicious code. A clever twist in cyber espionage that's now setting its sights on critical infrastructure. Could your system be next?
https://thedefendopsdiaries.com/apt36s-shift-to-linux-exploiting-desktop-files-for-cyber-espionage/
#APT36 #Malware #Campaign Using Desktop Entry Files and #GoogleDrive #Payload Delivery - LevelBlue - Open Threat Exchange
https://otx.alienvault.com/pulse/68a78a27909fa2f7e2fab5a6
#Pakistan-linked APT36 (Transparent Tribe) launched a new cyber-espionage campaign targeting #Indian #government and #defense entities. Active in August 2025, the group used phishing ZIP files containing #malicious #Linux “.desktop” shortcuts that downloaded payloads from Google Drive.
📢 CloudSEK reports a sharp rise in APT and hacktivist attacks against Indian critical infrastructure
📝 According to CloudSEK, an escalation ma...
📖 cyberveille : https://cyberveille.ch/posts/2025-08-14-cloudsek-signale-une-forte-montee-des-attaques-apt-et-hacktivistes-contre-les-infrastructures-critiques-indiennes/
🌐 source : https://www.cloudsek.com/blog/cybersecurity-in-focus-recent-threats-targeting-india-amid-independence-day-celebrations
#APT36 #APT41 #Cyberveille
Apt36: A Phishing Campaign Targeting Indian Government Entities
#APT36
https://www.cyfirma.com/research/apt36-a-phishing-campaign-targeting-indian-government-entities/
Pakistan’s #APT36 Transparent Tribe targets Indian defence sector with new #Linux malware using fake PowerPoint files to breach BOSS Linux systems.
Read: https://hackread.com/pakistan-transparent-tribe-indian-defence-linux-malware/
#CyberSecurity #CyberAttack #Pakistan #India #TransparentTribe #Linux
Blind Eagle (APT-C-36) is back, targeting gov & financial institutions in Latin America.
➡️ Phishing + WebDAV
➡️ NTLM hash theft
➡️ 65MB+ data exfil
➡️ Dynamic DNS C2 ops
Paxion Cyber stops full-chain attacks.
#CyberSecurity #APT36 #PaxionCyber #Phishing #CyberTip #Friday
🚨 New ClickFix campaign alert! 🚨 This evolving cyberattack now targets both Windows & Linux users by tricking them into running malicious console commands under the guise of “browser updates” or CAPTCHA tests. 🖥️🔒 Currently harmless but watch out! Threat actor: APT36 (Pakistan). Stay safe & informed! 🔐 #CyberSecurity #ClickFix #Linux #Windows #APT36 #InfoSec #TechRadar #newz