APT36 Phishing Campaign Targets Indian Defense Using Credential-Stealing Malware
Executive Summary
APT36, also known as Transparent Tribe, is a Pakistan-based cyber espionage group that has been actively targeting Indian defense personnel with targeted phishing campaigns. According to CYFIRMA's findings, the group sends phishing emails carrying PDF attachments crafted to resemble official government documents.
When a recipient opens one of these PDFs, it displays a blurred background along with a button that imitates the login interface of the National Informatics Centre (NIC). Clicking this button sends the user to an attacker-controlled URL, which serves a ZIP archive containing a malicious executable disguised as a legitimate application. Note that the PDF itself is only the lure: the chain depends on the recipient following the embedded link and then running the downloaded binary, so both the link target and the archive contents are points at which the delivery can be inspected and blocked.
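The two inspection points described above, as an added example that is not CYFIRMA's or the original article's code: a small Python triage script that pulls /URI action targets out of a PDF and checks their hostname against the domains a real NIC login would live under, then inspects a ZIP for members that are executables by extension, by PE magic, or by a document-style double extension. The sample PDF, the lookalike host nic-gov-in.example.net, the trusted suffixes nic.in and gov.in, and the archive contents are all constructed for the example; a real lure may store its annotations in compressed object streams, which would need inflating before the regex can see them.

```python
"""Triage helpers for a PDF-link -> ZIP -> executable phishing chain (constructed example)."""
import io
import re
import zipfile
from urllib.parse import urlparse

# Assumption for the example: a genuine NIC login link sits under one of these suffixes.
TRUSTED_SUFFIXES = ("nic.in", "gov.in")

# Constructed minimal PDF: one page with one /Link annotation whose /URI points at a
# lookalike host. Objects are left uncompressed so the regex below can read them;
# real samples often use /FlateDecode or /ObjStm and must be inflated first.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Annots [4 0 R] >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /Rect [100 100 300 140]\n"
    b"   /A << /S /URI /URI (https://nic-gov-in.example.net/login) >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Matches a PDF literal string following the /URI key, honouring backslash escapes.
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)


def extract_pdf_uris(pdf_bytes: bytes) -> list[str]:
    """Return every /URI action target found in uncompressed PDF objects."""
    return [m.group(1).decode("latin-1") for m in URI_RE.finditer(pdf_bytes)]


def is_trusted_host(url: str) -> bool:
    """True only if the hostname equals a trusted suffix or is a subdomain of one.
    A lookalike such as nic-gov-in.example.net contains the right words but fails."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def untrusted_pdf_links(pdf_bytes: bytes) -> list[str]:
    """Links in the PDF that do not resolve to a trusted domain."""
    return [u for u in extract_pdf_uris(pdf_bytes) if not is_trusted_host(u)]


EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".js", ".vbs", ".lnk"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def build_sample_zip() -> bytes:
    """Constructed archive resembling the lure: a PE stub named to read as a PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("NIC_Login_Form.pdf.exe", b"MZ" + b"\x00" * 62 + b"PE\x00\x00")
        z.writestr("readme.txt", b"Open the attached form to proceed.\n")
    return buf.getvalue()


def suspicious_zip_members(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Flag members that are executables by extension or by MZ magic, and names
    that hide an executable behind a document-style double extension."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as z:
        for info in z.infolist():
            name = info.filename
            parts = name.lower().rsplit("/", 1)[-1].split(".")
            exts = ["." + p for p in parts[1:]]
            head = z.open(info).read(2)
            if head == b"MZ":
                findings.append((name, "PE header (MZ) in archive member"))
            if exts and exts[-1] in EXEC_EXT:
                findings.append((name, "executable extension " + exts[-1]))
            if len(exts) >= 2 and exts[-2] in DOC_EXT:
                findings.append((name, "document-style double extension"))
    return findings


if __name__ == "__main__":
    print("untrusted PDF links:", untrusted_pdf_links(SAMPLE_PDF))
    for member, reason in suspicious_zip_members(build_sample_zip()):
        print(f"{member}: {reason}")
```

The hostname check is deliberately a suffix match on the parsed host rather than a substring search, since the lure domain is chosen precisely to contain the expected words; the ZIP check reads the first two bytes of each member so a renamed executable is caught even when its extension looks harmless.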
This campaign reflects APT36's continued focus on credential theft and its strategic objective of establishing long-term access to Indian defense networks. It underlines the need for email controls that inspect attachment links and block executables delivered inside archives, for user awareness programs that cover document-themed lures, and for proactive detection and monitoring to catch such targeted intrusions early.