Transparent Tribe, a cyber-espionage group believed to originate from Pakistan and also known as APT36, has stepped up its attacks on Indian government entities by using malicious desktop shortcuts designed to compromise both Windows and BOSS Linux systems.
The latest tactics involve spear-phishing emails featuring fake meeting notices. These emails contain desktop shortcut files disguised as PDF documents (e.g., “Meeting_Ltr_ID1543ops.pdf.desktop”). When recipients attempt to open what appears to be a typical PDF, they instead activate a shell script that initiates the attack chain.
The malicious script fetches a hex-encoded file from an attacker-controlled domain (“securestore[.]cv”), decodes it to an ELF binary, and saves it to the target computer’s disk. During this process, the victim is shown a decoy PDF hosted on Google Drive, launched in Firefox, to avoid suspicion.
The dropped Go-based ELF binary then connects to a command-and-control (C2) server (“modgovindia[.]space:4000”), allowing attackers to issue commands, deliver additional malicious payloads, and steal sensitive
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: