APT36, a Pakistan-based threat actor, is conducting a cyber-espionage campaign against Indian Government entities, targeting BOSS Linux systems with weaponized .desktop files. The group uses spear-phishing emails to deliver malicious payloads, exploiting the Linux environment to maintain persistent access and evade security controls. The campaign involves sophisticated tactics, including the use of custom malware, command and control servers, and data exfiltration techniques. The attackers leverage newly registered domains and employ various MITRE ATT&CK techniques to execute their operations. This activity demonstrates APT36's increasing sophistication and adaptability in targeting critical government infrastructure.