In a significant escalation of digital conflict, Pakistan-linked hacking groups are once again actively targeting Indian government and defense entities. A new report from cybersecurity researchers highlights a sophisticated cyber-espionage campaign attributed to the group known as APT36, or “Transparent Tribe,” which has been observed deploying new malware and phishing tactics.
Cybersecurity firms CloudSEK and CYFIRMA have both independently documented the campaign, which began in August 2025. The attacks are notable for their use of malicious Linux desktop shortcut files (.desktop) delivered via spear-phishing emails. These files, disguised as legitimate documents related to procurement and meetings, are designed to trick recipients into downloading and executing payloads from cloud storage services like Google Drive. This marks a strategic shift for the group, which has traditionally focused on Windows systems. The targeting of India’s indigenous Bharat Operating System Solutions (BOSS) Linux demonstrates an increased level of sophistication and adaptability by the threat actors.
APT36 is a well-known advanced persistent threat group with a history of cyber-espionage against Indian institutions, particularly those in the defense sector. Their latest tactics involve a new backdoor, referred to as “Poseidon,” which is capable of system reconnaissance, data exfiltration, and credential harvesting. The campaign also employs sophisticated anti-debugging and anti-sandbox checks to evade detection by traditional security tools.
This surge in cyberattacks follows a period of heightened cross-border tensions, including a brief military conflict in May 2025, codenamed “Operation Sindoor,” which saw a massive spike in cyberattacks targeting India’s critical infrastructure. While many of those attacks were disruptive in nature, such as DDoS attacks that took down government websites, the current campaign appears to be more focused on intelligence gathering and long-term access.
In response to the growing threat, Indian cybersecurity agencies, including the Indian Computer Emergency Response Team (CERT-In), have been working to enhance the country’s digital defenses. Officials in Jammu and Kashmir, a frequent target of such attacks, have issued a directive banning the use of pen drives and public messaging apps for official work to minimize data breaches. The attacks underscore the ongoing digital warfare between the two nations and the need for continuous vigilance and robust cybersecurity measures to protect sensitive national data.
