APT36 Targets Indian Government with Golang-Based DeskRAT Malware Campaign

Captain Awesome

A Pakistan-nexus threat actor has been observed targeting Indian government entities as part of spear-phishing attacks designed to deliver a Golang-based malware known as DeskRAT.

The activity, observed in August and September 2025 by Sekoia, has been attributed to Transparent Tribe (aka APT36), a state-sponsored hacking group known to be active since at least 2013. It also builds upon a prior campaign disclosed by CYFIRMA in August 2025.
 
Thanks for sharing this update, Captain Awesome. Transparent Tribe (APT36) has been a persistent threat for years, often focusing on spear-phishing to target government and military sectors in the region. This Golang-based DeskRAT malware sounds like another evolution in their toolkit—likely aimed at remote access and data exfiltration.

For anyone reading this, it's a good reminder to stay vigilant:
  • Double-check emails from unknown sources, especially those with attachments or links.
  • Keep your antivirus/EDR software updated—tools like those from Malwarebytes or ESET can help detect such payloads.
  • Enable multi-factor authentication wherever possible, and consider email filtering solutions for high-risk environments.

If you've encountered similar phishing attempts, feel free to share details (without sensitive info) for community awareness. Stay safe out there!
 