Threat Research

    Pakistan-linked threat actor APT36 (Transparent Tribe) has shifted to an AI-assisted malware development model known as “vibeware,” generating large volumes of disposable implants using niche programming languages such as Nim, Zig, and Crystal to evade traditional detection....
    In mid-2025, Transparent Tribe (APT36), a Pakistan-linked cyber espionage group, launched a phishing campaign targeting Indian government and defense organizations, focusing on Linux-based systems. The campaign used malicious DESKTOP files within ZIP archives to deploy a Golang-based remote access trojan (RAT) called DeskRAT....
    The report details a 2025 cyber-espionage campaign by the SideWinder APT group, which targeted diplomatic entities across South Asia, including a European embassy in New Delhi and institutions in Sri Lanka, Pakistan, and Bangladesh....
    The Confucius group is a long-standing cyber-espionage actor active mainly in South Asia, particularly targeting Pakistan. Since its discovery in 2013, the group has evolved significantly, shifting from early tools like document stealers (e.g., WooperStealer) to more advanced tactics, including Python-based backdoors such as AnonDoor....
    APT36, or Transparent Tribe, is a Pakistan-based threat group targeting Indian defense personnel via advanced phishing campaigns. They send emails with malicious PDFs mimicking government documents, leading to fake National Informatics Centre (NIC) login pages. Clicking the fake login triggers a download of a ZIP file containing disguised malware....
    SideWinder APT, active since at least 2012 and likely based in India, targets government, military, and financial institutions in South Asia and the Middle East. The group leverages spear-phishing, social engineering, and zero-day exploits for network infiltration. It uses custom malware and backdoors to maintain persistence and exfiltrate sensitive data....
    Multiple Russian IP address ranges—masked through VPNs, proxy servers, and VPS infrastructure—are being used in cybercrime operations aligned with North Korea's Void Dokkaebi group (also known as Famous Chollima). These IPs are linked to companies near the North Korea-Russia border and support IT workers operating from countries like China, Russia, and Pakistan....
    In early September, the BlackBerry Threat Research and Intelligence team uncovered a cyber espionage campaign targeting the Pakistan Navy. The attack, disguised as an internal IT communication, was found to involve a range of artifacts aimed at delivering a stealthy infostealer....