APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities
Briefly

"Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which are often attributed to Pakistan-aligned threat clusters tracked as SideCopy and APT36 (aka Transparent Tribe)."
"Common to all the campaigns is the use of phishing emails containing malicious attachments or embedded download links that lead prospective targets to attacker-controlled infrastructure. These initial access mechanisms serve as a conduit for Windows shortcuts (LNK), ELF binaries, and PowerPoint Add-In files that, when opened, launch a multi-stage process to drop the trojans. The malware families are designed to provide persistent remote access, enable system reconnaissance, collect data, execute commands, and facilitate long-term post-compromise operations across both Windows and Linux environments."
Indian defense and government-aligned organizations have been targeted by multiple campaigns that compromise Windows and Linux environments with remote access trojans. The malware families identified are Geta RAT, Ares RAT, and DeskRAT, frequently attributed to the Pakistan-aligned clusters SideCopy and APT36 (Transparent Tribe). Initial access is phishing: emails carry malicious attachments or embedded download links pointing at attacker-controlled infrastructure, delivering Windows shortcuts (LNK), ELF binaries, and PowerPoint Add-In files that start a multi-stage payload chain. In one Windows chain, the LNK launches mshta.exe on an HTA file whose embedded JavaScript decrypts a DLL, which in turn processes further embedded data. Once installed, the trojans provide persistent remote access, system reconnaissance, data collection, command execution, and long-term post-compromise operations on both platforms.
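The LNK-to-mshta.exe step of the chain is the part most visible in endpoint telemetry: when a user opens a shortcut, explorer.exe becomes the parent of the shortcut's target, so the chain shows up as explorer.exe spawning mshta.exe with an .hta file or a URL on its command line. The detection sketch below is an added example written for this page, not code from The Hacker News or from any vendor report. It runs over a few constructed Sysmon-style process-creation records (the ProcEvent fields, paths, file names and the invalid.example URL are placeholders assumed for illustration, not indicators from the campaign) and scores each mshta.exe launch on three indicators: an HTA or remote target, an explorer.exe parent, and a source in a user-writable directory or on a remote host.

```python
"""Detection sketch for the LNK -> mshta.exe -> HTA chain summarized above.

Added example (not code from The Hacker News or from any vendor report).
Input is a handful of CONSTRUCTED Sysmon Event ID 1 style process-creation
records; the paths, file names and URL are placeholders, not campaign IOCs.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str          # full path of the created process
    cmdline: str        # its command line
    parent_image: str   # full path of the parent process


# Where a phishing-delivered companion HTA is likely to sit, or a remote URL.
USER_WRITABLE = re.compile(r"(?i)\\(?:Downloads|Temp|AppData|Desktop|Public)\\")
REMOTE_URL = re.compile(r"(?i)\bhttps?://\S+")
HTA_ARG = re.compile(r"(?i)\S+\.hta\b")


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def assess_mshta(ev: ProcEvent) -> list[str]:
    """Return the reasons an event matches the LNK->mshta->HTA pattern (empty if none).

    Only mshta.exe launches are considered; every other process returns [].
    """
    if _basename(ev.image) != "mshta.exe":
        return []
    reasons = []
    if HTA_ARG.search(ev.cmdline) or REMOTE_URL.search(ev.cmdline):
        reasons.append("mshta.exe given an HTA file or remote URL")
    # A user double-clicking a shortcut makes explorer.exe the parent of the
    # shortcut's target; that is how the LNK step of the chain appears in telemetry.
    if _basename(ev.parent_image) == "explorer.exe":
        reasons.append("spawned by explorer.exe (consistent with a user-opened LNK)")
    if USER_WRITABLE.search(ev.cmdline) or REMOTE_URL.search(ev.cmdline):
        reasons.append("HTA sourced from a user-writable path or remote host")
    return reasons


def scan(events):
    """Return [(event, reasons)] for events carrying at least two indicators."""
    hits = []
    for ev in events:
        reasons = assess_mshta(ev)
        if len(reasons) >= 2:
            hits.append((ev, reasons))
    return hits


# CONSTRUCTED sample telemetry (placeholder names; not observed indicators).
SAMPLE_EVENTS = [
    ProcEvent(4120, 2210, r"C:\Windows\explorer.exe", "explorer.exe",
              r"C:\Windows\System32\userinit.exe"),
    ProcEvent(5312, 4120, r"C:\Windows\System32\mshta.exe",
              r'"C:\Windows\System32\mshta.exe" "C:\Users\analyst\Downloads\Notice\brief.hta"',
              r"C:\Windows\explorer.exe"),
    ProcEvent(5390, 4120, r"C:\Windows\System32\mshta.exe",
              r'"C:\Windows\System32\mshta.exe" https://invalid.example/stage/update.hta',
              r"C:\Windows\explorer.exe"),
    ProcEvent(5400, 4120, r"C:\Windows\System32\notepad.exe",
              r'"C:\Windows\System32\notepad.exe" C:\Users\analyst\Documents\notes.txt',
              r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for ev, reasons in scan(SAMPLE_EVENTS):
        print(f"pid {ev.pid}: {ev.cmdline}")
        for r in reasons:
            print("   -", r)
```

The two-indicator threshold in scan() is a tuning choice: mshta.exe launched by explorer.exe with a local, non-user-writable .hta is rare enough in most estates that many teams would alert on the HTA argument alone, while others first inventory legitimate HTA use. The same three checks port directly to a Sysmon or EDR query on Image, ParentImage and CommandLine.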
Read at The Hacker News