APT36 Using Customized Malware to Attack Indian Government Linux and Windows Servers
APT36 is a highly sophisticated APT (Advanced Persistent Threat) group known for conducting targeted espionage in South Asia and is strongly linked to Pakistan.
While this APT group is known for targeting the following Indian sectors:
Since 2013, this APT group has been active, and to conduct cyber espionage, it uses the following methods:-
- Credential harvesting
- Malware distribution
Here below, we have mentioned the resources used by APT36:-
- Custom-built remote administration tools targeting Windows
- Lightweight Python-compiled cyber espionage tools serving specific purposes targeting Windows and Linux
- Weaponized open-source C2 frameworks like Mythic
- Trojanized installers of Indian government applications like KAVACH multi-factor authentication
- Trojanized Android apps
- Credential phishing sites targeting Indian government officials
Zscaler analysts dubbed the Windows backdoor used by APT36 ‘ElizaRAT,’ because of unique strings in observed C2 commands.