APT Attacks Target Indian Government Using SHEETCREEP, FIREPOWER, and MAILCREEP
Essential information
- Published
- 28/01/2026 17:06
- Modified
- 28/01/2026 19:23
- Tags
- 2026-01-28 apt backdoor cloud services firepower generative ai government india mailcreep pakistan sheetcreep
- Related entities
- 19 observables, 3 malware, 8 others
Description
A new campaign targeting Indian government entities was uncovered, utilizing three backdoors: SHEETCREEP, FIREPOWER, and MAILCREEP. These tools leverage legitimate cloud services like Google Sheets, Firebase, and Microsoft Graph API for command and control, enabling the attackers to blend in with normal traffic. The campaign, named Sheet Attack, employed PDFs and malicious LNK files as initial infection vectors. Evidence suggests the use of generative AI in malware development. While sharing similarities with APT36, the campaign's unique characteristics point to either a new Pakistan-linked group or an APT36 subgroup. The attackers demonstrated hands-on-keyboard activity and deployed additional payloads, including a document stealer, to selected targets.