Pakistan-linked hackers target Indian government, universities in new spying campaign

therecord.media/pakistan-…

A Pakistan-aligned hacker group has launched a new cyber-espionage campaign targeting Indian government, academic and strategic institutions, researchers have found. The campaign has been attributed to APT36, also known as Transparent Tribe, a long-running threat actor accused of spying on Indian government bodies, military-linked organizations and universities.

Researchers at cybersecurity firm Cyfirma said the latest operation begins with spear-phishing emails carrying a ZIP archive containing a malicious file disguised as a PDF. Once opened, the file delivers two malware components, dubbed ReadOnly and WriteOnly. The malware is designed to quietly embed itself on victims’ systems, adjusting its behavior based on which antivirus software is installed.

According to Cyfirma, the malware can remotely control infected machines, exfiltrate data and carry out persistent surveillance, including taking screenshots, monitoring clipboard activity and enabling remote desktop access. Researchers said the clipboard monitoring feature could also be used to steal or overwrite copied data, potentially allowing attackers to hijack cryptocurrency transactions.

Edward Kiledjian @ekiledjian