28.Lock Globe

APT36 is a highly sophisticated APT (Advanced Persistent Threat) group known for conducting targeted espionage in South Asia and is strongly linked to Pakistan.

This APT group is known for targeting the following Indian sectors:

  • Government
  • Defense
  • Education

The group has been active since 2013, and it conducts its cyber espionage with the following resources:

  • Custom-built remote administration tools targeting Windows
  • Lightweight Python-compiled cyber espionage tools serving specific purposes targeting Windows and Linux
  • Weaponized open-source C2 frameworks like Mythic
  • Trojanized installers of Indian government applications like KAVACH multi-factor authentication
  • Trojanized Android apps
  • Credential phishing sites targeting Indian government officials
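The "Python-compiled" tooling in the list above is the one item a defender can screen for mechanically. The helper below is an added example, not code from the Zscaler write-up or from APT36's tooling; it assumes that "Python-compiled" means a PyInstaller-bundled executable (one common packaging route; Nuitka or py2exe bundles would need a different check) and looks for the PyInstaller archive cookie, an 88-byte record that starts with the magic bytes `MEI\x0c\x0b\x0a\x0b\x0e` and records the embedded interpreter version and library name. The sample blob it triages is constructed inline; no real binary is needed to run it.

```python
import struct
import sys

# PyInstaller archive cookie (PyInstaller 2.1 and later), big-endian:
#   magic (8 bytes) | package length | TOC offset | TOC length | Python version | Python lib name (64 bytes)
PYINSTALLER_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"
COOKIE_FORMAT = "!8sIIii64s"
COOKIE_SIZE = struct.calcsize(COOKIE_FORMAT)  # 88 bytes


def find_pyinstaller_cookie(data: bytes):
    """Return the parsed cookie fields if `data` carries a PyInstaller archive, else None.

    The cookie sits at the end of the appended archive, so the last occurrence of the
    magic is the right one; searching rather than slicing the file tail also copes
    with code-signed binaries, where a signature blob follows the archive.
    """
    idx = data.rfind(PYINSTALLER_MAGIC)
    if idx == -1 or idx + COOKIE_SIZE > len(data):
        return None
    _magic, pkg_len, toc_off, toc_len, pyvers, libname = struct.unpack_from(COOKIE_FORMAT, data, idx)
    return {
        "cookie_offset": idx,
        "package_length": pkg_len,
        "toc_offset": toc_off,
        "toc_length": toc_len,
        # raw integer as written by the PyInstaller bootloader build (e.g. 311 for CPython 3.11)
        "python_version": pyvers,
        "python_lib": libname.rstrip(b"\x00").decode("ascii", "replace"),
    }


def triage_file(path: str):
    """Read a file from disk and report its PyInstaller cookie, if any."""
    with open(path, "rb") as fh:
        return find_pyinstaller_cookie(fh.read())


def build_sample_blob() -> bytes:
    """Constructed sample: filler bytes followed by a synthetic cookie. Not a real binary."""
    cookie = struct.pack(COOKIE_FORMAT, PYINSTALLER_MAGIC, 4096, 3000, 900, 311, b"python311.dll")
    return b"\x00" * 256 + cookie


if __name__ == "__main__":
    # With a path argument, triage that file; otherwise demonstrate on the constructed blob.
    result = triage_file(sys.argv[1]) if len(sys.argv) > 1 else find_pyinstaller_cookie(build_sample_blob())
    if result is None:
        print("no PyInstaller archive cookie found")
    else:
        for key, value in result.items():
            print(f"{key}: {value}")
```

A hit is a triage signal, not a verdict: plenty of legitimate software ships as PyInstaller bundles, so the useful follow-up is to pair the cookie offset and TOC fields with a full archive extraction and review of the embedded scripts, rather than to alert on the cookie alone.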

Zscaler analysts dubbed the Windows backdoor used by APT36 ‘ElizaRAT’ because of unique strings observed in its C2 commands.