216.73.217.64

Indian Infrastructure Targeted with Desktop Lures and Poseidon Backdoor

· Published 01/08/2025 12:31 · Modified 01/08/2025 13:13

Export JSON

Essential information

Published
01/08/2025 12:31
Modified
01/08/2025 13:13
Tags
2025-08-01 desktop lures government impersonation india infrastructure mythic framework phishing poseidon poseidon backdoor
Related entities
36 observables, 1 intrusion sets (apt), 17 techniques (mitre), 1 malware, 15 others

Description

APT36, a Pakistan-linked threat group, has expanded its operations to target Indian government and civilian , including railways, oil & gas, and the Ministry of External Affairs. The group employs sophisticated techniques and novel payload strategies, using .desktop files disguised as PDF documents to execute malicious scripts. Two attack variants were identified, utilizing single and redundant command and control server setups. The , built on the , is deployed for persistent access and lateral movement. Over 100 domains impersonating Indian government organizations were discovered, primarily hosted by AlexHost. The campaign, active since early July 2025, poses a significant threat to Indian public sector and critical .

External references