13 February 2026

RATs in the Machine: Inside a Pakistan-Linked Three-Pronged Cyber Assault on India

Kevin Townsend

Indian government and defense organizations are being targeted by multiple espionage campaigns delivered by the Pakistan-attributed Transparent Tribe (aka APT36), according to a newly released threat report.

These campaigns target both Windows and Linux. One active campaign employs GETA RAT (often specifically attributed to the SideCopy subgroup of Transparent Tribe). It is a .NET RAT that abuses legitimate Windows components (including mshta.exe, XAML deserialization, and in-memory payload execution) to avoid signature-based detection.

Persistence is achieved through layered startup mechanisms that ensure continued access. “The result,” writes Aditya Sood, VP of security engineering and AI strategy at Aryaka, in a blog accompanying the report, “is a lightweight but durable foothold, well-suited for extended reconnaissance and intelligence gathering.”
