Threat Actor Targeting Indian Defense Sector | Security Magazine
APT36, a Pakistan-based threat actor, has launched a sophisticated cyber-espionage campaign targeting India’s defence sector, with a notable shift toward Linux-based environments, particularly BOSS Linux—a system widely used by Indian government agencies. According to CYFIRMA, the group uses phishing emails containing malicious .desktop files within ZIP attachments to deploy ELF binaries for unauthorized access, masked by legitimate PowerPoint files. Experts like Shane Barney (Keeper Security) and Jason Soroko (Sectigo) emphasize the evolving threat landscape and call for layered security strategies, including behavioural detection, email security, endpoint visibility, and user awareness. The campaign underscores the need for modern, automated defences capable of identifying multi-stage, deceptive attack vectors.
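The lure described above, a `.desktop` launcher delivered inside a ZIP attachment and dressed up as a document, is something an email gateway or endpoint agent can check for before a user ever double-clicks it. The following script is an added example written for this page, not code from Security Magazine, CYFIRMA or any of the quoted experts: it unpacks a ZIP attachment, parses any freedesktop `.desktop` entries, and flags ones whose `Exec=` line runs a shell or a file under `/tmp`, whose `Icon=` mimics an office document, or whose filename uses a double extension such as `.pptx.desktop`. The heuristics, icon names and the sample attachment are all constructed for illustration and do not reproduce any real campaign artifact.

```python
"""Flag .desktop launchers hidden inside ZIP e-mail attachments.

Added example, not from the article or CYFIRMA's report: a defender-side
check for document-lookalike .desktop files. All heuristics, file names
and the sample ZIP below are constructed for illustration.
"""
import io
import re
import zipfile

# Constructed heuristic: substrings in Exec= that a "document" has no business running.
SUSPICIOUS_EXEC = ("bash -c", "sh -c", "curl ", "wget ", "chmod ", "/tmp/", "base64")
# Constructed heuristic: icon names that make a launcher look like an office document.
DOC_ICONS = ("libreoffice-impress", "powerpoint", "x-office-presentation", "pdf", "msword")


def parse_desktop_entry(text):
    """Return the key/value pairs of the [Desktop Entry] group as a dict."""
    entries = {}
    in_group = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
            continue
        if in_group and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip()] = value.strip()
    return entries


def classify_desktop(name, entries):
    """Return the reasons an entry is suspicious (empty list means nothing flagged)."""
    reasons = []
    exec_cmd = entries.get("Exec", "")
    icon = entries.get("Icon", "").lower()
    if entries.get("Type", "") == "Application" and any(t in exec_cmd for t in SUSPICIOUS_EXEC):
        reasons.append(f"Exec runs a shell or a file from /tmp: {exec_cmd!r}")
    if any(d in icon for d in DOC_ICONS):
        reasons.append(f"document icon on an executable launcher: {icon!r}")
    # A double extension such as Briefing.pptx.desktop hides the real file type
    # from users whose file manager shows the Name= field instead of the filename.
    if re.search(r"\.(pptx?|docx?|pdf)\.desktop$", name, re.IGNORECASE):
        reasons.append("double extension disguises .desktop as a document")
    return reasons


def scan_zip_attachment(zip_bytes):
    """Scan a ZIP attachment; return {member_name: [reasons]} for flagged .desktop files."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(".desktop"):
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            reasons = classify_desktop(info.filename, parse_desktop_entry(text))
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip():
    """Constructed sample attachment: one benign launcher and one document lookalike."""
    benign = (
        "[Desktop Entry]\nType=Application\nName=Text Editor\n"
        "Exec=gedit %U\nIcon=accessories-text-editor\n"
    )
    lookalike = (
        "[Desktop Entry]\nType=Application\nName=Briefing.pptx\n"
        "Exec=sh -c \"/tmp/.update-check\"\n"
        "Icon=libreoffice-impress\nTerminal=false\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes/editor.desktop", benign)
        zf.writestr("Briefing.pptx.desktop", lookalike)
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in scan_zip_attachment(build_sample_zip()).items():
        print(member)
        for reason in reasons:
            print("  -", reason)
```

Run stand-alone, the script reports only the lookalike entry with three reasons and leaves the ordinary editor launcher alone. In practice the same `scan_zip_attachment` function would be called from a mail-filter hook or an endpoint scanner on the raw attachment bytes, and a hit should quarantine the message rather than merely log it, since the user-visible filename and icon are exactly what the lure relies on.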