
Content provided by CYFIRMA. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by CYFIRMA or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

CYFIRMA Research - APT36 Phishing Campaign Targets Indian Defense Using Credential-Stealing Malware

6:36
 

Cyber Threat Alert: APT36 Targets Indian Defense with a Sophisticated Phishing Campaign!
CYFIRMA has uncovered a targeted cyber-espionage operation by APT36 (Transparent Tribe), a Pakistan-based threat actor. The group is using phishing emails carrying malicious PDFs that mimic official NIC documents to infiltrate Indian defense systems.
What’s Happening:
· Victims receive a fake “protected” PDF (PO-003443125.pdf).
· Clicking the button redirects the victim to a fraudulent site, which downloads a disguised, malware-laden ZIP file.
· Upon execution, the malware steals credentials, exfiltrates data, and establishes persistent access.
· It uses anti-debugging, fileless execution, and clipboard/keylogging techniques.
· Communications were observed with low-reputation C2 domains via encrypted channels.
Key Defense Recommendations:
· Enforce file extension visibility on endpoints.
· Train personnel to detect phishing lures.
· Monitor for anomalous process trees and network traffic.
· Apply proactive threat hunting and behavior-based detection.
APT36’s campaign is a stark reminder of the evolving sophistication of state-sponsored cyber threats. Awareness, detection, and rapid response remain our best defenses.

Link to the Research Report: https://www.cyfirma.com/research/apt36-phishing-campaign-targets-indian-defense-using-credential-stealing-malware/

#CyberSecurity #APT36 #Phishing #ThreatIntel #India #Defense #Infosec #TransparentTribe #CYFIRMA #MalwareAlert #CYFIRMA #CYFIRMAResearch #ExternalThreatLandscapeManagement #ETLM

https://www.cyfirma.com/
