Pakistan’s APT36 Transparent Tribe uses phishing and Linux malware to target Indian defence systems running BOSS Linux says Cyfirma.
# Analysis Summary
# Threat Actor: Transparent Tribe (APT36)
## Attribution & Identity
**Attribution:** Pakistan-linked Advanced Persistent Threat (APT) group.
**Aliases:** APT36.
## Activity Summary
The threat actor, identified as Pakistan’s Transparent Tribe (APT36), was observed targeting Indian defence systems. The primary method involved using phishing techniques to deploy malware specifically targeting Linux operating systems running the BOSS Linux distribution.
## Tactics, Techniques & Procedures
- Initial Access via Phishing.
- Deployment of Linux-specific malware.
- Targeting of systems running the BOSS Linux distribution.
## Targeting
- **Sectors:** Defence (specifically Indian defence systems).
- **Geography:** India (target country). Pakistan (implied source/attribution).
- **Victims:** Entities within the Indian defence sector utilizing BOSS Linux.
## Tools & Infrastructure
- **Malware families used:** Linux Malware (specific name not provided in the excerpt).
- **Infrastructure (C2 servers, domains, IPs):** Not detailed in the provided text.
## Implications
Transparent Tribe continues to demonstrate clear nation-state objectives by focusing its cyber-espionage efforts against a key strategic rival (India's defence sector), using tailored Linux malware to evade defences that are built around Windows endpoints.
## Mitigations
- Implement advanced email filtering to counter phishing attacks.
- Ensure robust security controls and monitoring for Linux endpoints, especially those running specialized distributions like BOSS Linux.
- Harden the security posture specifically around defence infrastructure.