
Phishing Attack: Deploying Malware on Indian Defense BOSS Linux

NetmanageIT OpenCTI - opencti.netmanageit.com




SUMMARY:

APT36, a Pakistan-based threat actor, has launched a sophisticated cyber-espionage campaign targeting the Indian defense sector. The group has adapted its tactics to focus on Linux-based environments, particularly BOSS Linux, used by Indian government agencies. The attack involves phishing emails with a ZIP file containing a malicious .desktop file. When executed, it downloads a legitimate PowerPoint file as a decoy while simultaneously deploying a malicious ELF binary. This multi-stage approach aims to bypass user suspicion and evade traditional security measures. The campaign signifies an advancement in APT36's capabilities and poses an increased risk to critical government and defense infrastructure. Organizations using Linux-based systems are advised to implement robust cybersecurity controls and threat detection mechanisms to mitigate potential risks.
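A triage check for the `.desktop` lure described in the summary, added here as an example and not taken from the original report: it parses a desktop entry and flags launcher behaviour that a document-looking file should not have. The heuristic rules, the sample entries and the `example.invalid` URL are constructed assumptions, not indicators from the campaign.

```python
import re

# Heuristics are assumptions chosen for this example, not indicators from the report.
RULES = {
    "shell-interpreter": re.compile(r"(^|[\s/])(ba|da|z)?sh\s+-c\b"),
    "downloader": re.compile(r"\b(curl|wget)\b"),
    "temp-path": re.compile(r"/tmp/|/var/tmp/|/dev/shm/"),
    "make-executable": re.compile(r"\bchmod\b"),
    "command-chaining": re.compile(r";|&&|\|"),
}
DOC_NAME = re.compile(r"\.(pptx?|docx?|xlsx?|pdf)$", re.I)

# Constructed sample entries (not taken from the campaign).
BENIGN = """[Desktop Entry]
Type=Application
Name=Text Editor
Exec=gedit %U
"""
SUSPICIOUS = """[Desktop Entry]
Type=Application
Name=Briefing.pptx
Exec=sh -c "curl -s -o /tmp/b.pptx https://example.invalid/b.pptx; xdg-open /tmp/b.pptx"
"""

def parse_desktop_entry(text):
    """Return key/value pairs from the [Desktop Entry] group only."""
    entry, in_group = {}, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip()
    return entry

def audit_desktop_entry(text):
    """Return the sorted names of the heuristics that the entry trips."""
    entry = parse_desktop_entry(text)
    if entry.get("Type") != "Application":
        return []  # only Application entries run their Exec line
    exec_line = entry.get("Exec", "")
    hits = {name for name, rx in RULES.items() if rx.search(exec_line)}
    if DOC_NAME.search(entry.get("Name", "")):
        hits.add("document-like-name")  # launcher posing as a document
    return sorted(hits)

if __name__ == "__main__":
    print(audit_desktop_entry(SUSPICIOUS))
```

Running the same function over `.desktop` files extracted from mail attachments or found in user download directories gives a quick first-pass filter before deeper analysis.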

OPENCTI LABELS:

cyber-espionage, phishing, transparent tribe, apt36, indian defense, .desktop file, boss linux, elf binary, boss.elf


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE: Use the public read-only username and password shown in the login page banner.


Phishing Attack: Deploying Malware on Indian Defense BOSS Linux