TransparentTribe targets Indian military organisations with DeskRAT

Intel Name: TransparentTribe targets Indian military organisations with DeskRAT

Date of Scan: October 27, 2025

Impact: High

Summary:
In mid-2025, TransparentTribe (APT36), a Pakistan-linked cyber espionage group, launched a phishing campaign targeting Indian government and defense organizations, focusing on Linux-based systems. The campaign used malicious .desktop files inside ZIP archives to deploy a Golang-based remote access trojan (RAT) called DeskRAT. When executed, the .desktop file downloaded, decoded, and ran a payload while displaying a decoy PDF to appear legitimate. DeskRAT then established command-and-control communication over WebSocket, enabling remote access and data theft. This activity highlights TransparentTribe’s evolving tactics and growing focus on Linux environments in its espionage operations against Indian military entities.
