Threat Research

    Pakistan-linked threat actor APT36 (Transparent Tribe) has shifted to an AI-assisted malware development model known as “vibeware,” generating large volumes of disposable implants using niche programming languages such as Nim, Zig, and Crystal to evade traditional detection....
    A sophisticated phishing campaign targeting Indian entities has been attributed to the Chinese Silver Fox APT. The attackers used highly convincing Income Tax–themed lures to deliver malware through a complex kill chain involving DLL hijacking and the modular Valley RAT, enabling long-term persistence....
    Nation-state adversaries continue to refine their methods to exploit vulnerabilities across diverse operating environments, making defense far more challenging for government entities. Within this landscape, APT36 (Transparent Tribe) stands out as a persistent threat actor focused on India’s governmental and strategic domains....
    Cybercriminals are targeting trucking and freight companies through complex attack chains to steal cargo shipments. Cargo theft has become a multi-million-dollar industry, with digital transformation fueling a surge in cyber-enabled theft. Attackers infiltrate logistics firms and exploit their access to bid on shipments, which they then steal and resell....
    In mid-2025, Transparent Tribe (APT36), a Pakistan-linked cyber espionage group, launched a phishing campaign targeting Indian government and defense organizations, focusing on Linux-based systems. The campaign used malicious DESKTOP files within ZIP archives to deploy a Golang-based remote access trojan (RAT) called DeskRAT....
    The report details a 2025 cyber-espionage campaign by the SideWinder APT group, which targeted diplomatic entities across South Asia, including a European embassy in New Delhi and institutions in Sri Lanka, Pakistan, and Bangladesh....
    The team has detected a surge in Android malware posing as Indian RTO apps, targeting Indian users to steal sensitive data. The malware spreads via WhatsApp and SMS with shortened links redirecting to malicious APKs hosted on GitHub or compromised sites. Once installed, it uses phishing pages to steal banking credentials and UPI PINs, and intercepts SMS messages containing financial data....
    UAT-8099 is a Chinese-speaking cybercrime group targeting high-value IIS servers in countries like India, Thailand, Vietnam, Canada, and Brazil to conduct SEO fraud and steal credentials, config files, and certificates. They use web shells, Cobalt Strike, and BadIIS malware to manipulate search rankings and maintain persistence....
    Our team uncovered a cyber-espionage campaign by APT36 (Transparent Tribe), targeting Indian defense personnel. In a tactical shift, the group now focuses on Linux systems, especially BOSS Linux used by Indian government agencies. Phishing emails deliver a ZIP file containing a malicious .desktop shortcut that executes on user interaction....
    APT36, or Transparent Tribe, is a Pakistan-based threat group targeting Indian defense personnel via advanced phishing campaigns. They send emails with malicious PDFs mimicking government documents, leading to fake National Informatics Centre (NIC) login pages. Clicking the fake login triggers a download of a ZIP file containing disguised malware....