- Indian defense and government organizations have been targeted by sophisticated cyber espionage campaigns since at least February 2026.
- Pakistan-aligned threat groups SideCopy and APT36 are deploying malware like Geta RAT, Ares RAT, and DeskRAT to steal data and maintain persistent access.
- The attacks employ phishing emails with malicious links to deploy multi-stage payloads on both Windows and Linux systems.
- These campaigns focus on stealth and long-term access by using memory-resident techniques and trusted regional infrastructure.
In a cybersecurity development of significant regional concern, India’s defense sector and government-aligned organizations have been subjected to a wave of espionage campaigns using advanced remote access trojans designed for long-term data theft. These operations, occurring as recent as February 2026, are attributed to sophisticated threat actors with suspected ties to Pakistan.
According to a report by Aryaka Vice President Aditya K. Sood, the threat groups Transparent Tribe (APT36) and its subdivision SideCopy are refining their espionage approach without major reinvention. “They are refining it,” Sood noted, emphasizing the actors’ focus on operational stealth and cross-platform capability.
Consequently, their methods leverage initial phishing emails that deliver malicious attachments like Windows shortcuts and PowerPoint Add-Ins. These then trigger multi-stage infection chains that deploy the final malware payloads, a tactic detailed by researcher Sathwik Ram Prakki on social media.
The primary malware includes Geta RAT for Windows, which can harvest credentials, capture screenshots, and exfiltrate data from USB devices. Meanwhile, a Linux variant uses a Go binary to drop a Python-based Ares RAT with similar post-compromise capabilities.
Another campaign, documented by Sekoia and QiAnXin XLab earlier, delivers a Golang malware called DeskRAT via rogue PowerPoint files. This persistent focus underscores an evolving toolkit for high-value targets within India’s strategic and critical infrastructure sectors.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Uniswap Wins: Court Dismisses Bancor Patent Lawsuit
- LayerZero Launches “Zero” Blockchain, DTCC & Citadel
- CoinDesk 20 Index Slides 2.5%: All 20 Assets in the Red
- Exposed Cloud Training Apps Exploited by Attackers
- Coinbase CEO Drops From World’s 500 Richest After Crypto Slump
