CyberSecurityBoard
Sponsor Register Login

APT36 Hackers Weaponizing PDF Files to Attack Indian Railways, Oil & Government Systems

The Pakistan-linked Advanced Persistent Threat (APT) group APT36, also known as Transparent Tribe, has significantly expanded its cyber operations beyond traditional military targets to encompass critical Indian infrastructure including railway systems, oil and gas facilities, and key government ministries. The researchers uncovered two distinct attack variants, each employing separate command and control infrastructure to maintain operational security and provide redundancy against defensive countermeasures. The campaign specifically targets high-value entities including the Ministry of External Affairs, Indian Railways infrastructure, and energy sector organizations, indicating a strategic focus on disrupting critical national services. The attack methodology centers on the deployment of the Poseidon backdoor, a sophisticated malware built on the open-source Mythic command and control framework using the Go programming language. This escalation represents a concerning shift in the threat landscape, as the group demonstrates increasingly sophisticated attack methodologies designed to penetrate and persist within India’s most sensitive operational networks. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The threat actors have refined their attack arsenal by weaponizing seemingly innocuous PDF documents through a deceptive technique involving malicious .desktop files. Upon execution, these files deploy sophisticated evasion techniques including extended sleep timers and environment detection to bypass dynamic analysis systems. Malicious payloads are strategically placed in system directories using names like “emacs-bin” and “crond-98” to blend with legitimate system processes, significantly complicating detection efforts. This illustrates the first attack variant’s execution flow, while the second one shows the redundant infrastructure approach of the second variant. The Poseidon backdoor communicates with dedicated C2 servers at 178.128.204.138 and 64.227.189.57, both hosted on DigitalOcean infrastructure, utilizing port 7443 for secure command transmission. This backdoor provides the attackers with comprehensive system access, enabling credential harvesting, lateral movement capabilities, and persistent surveillance of compromised networks.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 01 Aug 2025 12:05:24 +0000


Cyber News related to APT36 Hackers Weaponizing PDF Files to Attack Indian Railways, Oil & Government Systems

APT36 Hackers Weaponizing PDF Files to Attack Indian Railways, Oil & Government Systems - The Pakistan-linked Advanced Persistent Threat (APT) group APT36, also known as Transparent Tribe, has significantly expanded its cyber operations beyond traditional military targets to encompass critical Indian infrastructure including railway ...
2 months ago Cybersecuritynews.com APT3 Transparent Tribe
CVE-2021-36845 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions < 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. ...
4 years ago
How an Indian startup hacked the world - Reuters previously named Appin in a story about Indian cyber mercenaries published last year. This report paints the clearest picture yet of how Appin operated, detailing the world-spanning extent of its business, and international law enforcement's ...
1 year ago Reuters.com
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions - Middle East oil and gas operators will need to be vigilant about the risk of cyberattacks as the Israel-Gaza conflict continues, security experts warn, or else risk energy supply disruption globally. A recent report by S&P Global Ratings found that ...
1 year ago Darkreading.com
SideCopy Exploiting WinRAR Flaw in Attacks Targeting Indian Government Entities - The Pakistan-linked threat actor known as SideCopy has been observed leveraging the recent WinRAR security vulnerability in its attacks targeting Indian government entities to deliver various remote access trojans such as AllaKore RAT, Ares RAT, and ...
1 year ago Thehackernews.com CVE-2023-38831 APT3 SideCopy Transparent Tribe
APT36 Hackers Attacking Indian BOSS Linux Systems - APT36, a notorious hacking group, has been actively targeting Indian BOSS Linux systems, posing significant cybersecurity threats to critical infrastructure. This group employs sophisticated tactics to infiltrate and compromise these systems, aiming ...
1 month ago Cybersecuritynews.com APT36
Hackers Weaponizing Pahalgam Attack Themed Decoys to Attack Indian Government Personnel - In a sophisticated cyber espionage campaign, threat actors are actively targeting Indian government personnel using decoy documents referencing the recent Pahalgam attack. The malware campaign appears specifically tailored to compromise sensitive ...
5 months ago Cybersecuritynews.com
EFF Helps News Organizations Push Back Against Legal Bullying from Cyber Mercenary Group - For the last several months, there has emerged a campaign of bullying and censorship seeking to wipe out stories about the mercenary hacking campaigns of a less well-known company, Appin Technology, in general, and the company's cofounder, Rajat ...
1 year ago Eff.org
25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
3 months ago Cybersecuritynews.com
Lawmakers: Ban TikTok to Stop Election Misinformation! Same Lawmakers: Restrict How Government Addresses Election Misinformation! - In a case being heard Monday at the Supreme Court, 45 Washington lawmakers have argued that government communications with social media sites about possible election interference misinformation are illegal. Just this week the vast majority of those ...
1 year ago Eff.org
The Unlikely Romance of Hackers and Government Suitors - The annual Hack the Capitol event brings together a diverse group of scientists, hackers, and policymakers to educate congressional staffers, scholars, and the press about the most critical cybersecurity challenges facing our nation. Hack the Capitol ...
1 year ago Darkreading.com
Apple alert: India opposition says government tried to hack phones - Some Indian opposition leaders have accused the government of trying to hack into their phones after receiving warning messages from Apple. Apple's alert said it believed the recipient was "Being targeted by state-sponsored attackers". He added that ...
1 year ago Bbc.com
Pakistan APT Hackers Create Weaponized IndiaPost Website to Attack Windows & Android Users - The attackers employed strategic infrastructure, including IP address 88[.]222[.]245[.]211, which resolves to the suspicious domain email[.]gov[.]in[.]gov-in[.]mywire[.]org, a known tactic of Pakistan-based APT groups attempting to impersonate Indian ...
6 months ago Cybersecuritynews.com APT3 Transparent Tribe
APT36 hackers abuse Linux desktop files to install malware - APT36, a notorious hacker group, has been observed exploiting Linux desktop files to deploy malware, marking a significant evolution in their attack strategies. This group, known for targeting various sectors, leverages the manipulation of Linux ...
1 month ago Bleepingcomputer.com APT36
Operation HollowQuill Weaponizing PDF Documents to Infiltrate Academic & Government Networks - A sophisticated cyber espionage campaign dubbed “Operation HollowQuill” has been uncovered targeting academic institutions and government agencies worldwide through weaponized PDF documents. Once opened, these documents silently deploy a ...
6 months ago Cybersecuritynews.com
How Hackers Interrupted GTA 5 Online Gameplay on PC - Recently, a cyber-attack on Grand Theft Auto 5 Online on PC caused an interruption to thousands of players’ gameplays. The game was completely taken offline and players couldn’t even access the main gameplay menu. The attack caused an uproar ...
2 years ago Hackread.com
Optimizing Cybersecurity: How Hackers Use Golang Source Code Interpreter to Evade Detection - Hackers have been upping the stakes when it comes to executing cyberattacks, and an increasingly popular tool in their arsenal is the Golang source code interpreter. Reportedly, the interpreter is used to obfuscate code, thus making it harder for ...
2 years ago Bleepingcomputer.com
What Should We Expect for State and Local Government IT Priorities in 2024? - As we wrap up 2023, it is a great time to reflect on the current state of technology in state and local governments and look ahead to the priorities for the coming year. Maintaining the security of networks and the data they carry continues to be the ...
1 year ago Feedpress.me
Cybersecurity Crisis Looms: FBI Chief Unveils Chinese Hackers' Plan to Target US Infrastructure - As the head of the FBI pointed out Wednesday, Beijing was positioning itself to disrupt the daily lives of Americans if there was ever a war between the United States and China if it were to plant malware to damage civilian infrastructure. U.S. ...
1 year ago Cysecurity.news Volt Typhoon
Indian Government Warns Social Media Platforms Over Deepfake Misinformation - In a strong statement directed at social media platforms, the government of India has emphasized the critical need for swift identification and removal of misinformation, including deepfakes, or risk facing legal consequences. This warning follows a ...
1 year ago Cysecurity.news
Chinese Earth Krahang hackers breach 70 orgs in 23 countries - A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries. According to Trend Micro researchers monitoring the ...
1 year ago Bleepingcomputer.com CVE-2023-32315 CVE-2022-21587 Earth Lusca GALLIUM
Hackers Fix Polish Train Glitch, Face Legal Pushback by the Manufacturer - In a recent cybersecurity incident, three Polish hackers achieved success in repairing the malfunctioning software of a train, initially serviced by independent repair shops for a regional rail operator. The narrative took a twist when accusations ...
1 year ago Hackread.com
Roundtable: Is DOGE Flouting Cybersecurity for US Data? - So far, Musk and his Department of Government Efficiency (DOGE) have accessed the computer systems of the Department of Treasury, as well as classified data from the US Agency for International Development (USAID) and the Office of Personnel ...
7 months ago Darkreading.com
Cyberattack on North Carolina county allowed hackers to access data - A cyberattack on a North Carolina county has forced officials to call in the state's national guard for assistance. In a message to residents on Tuesday, Bladen County said it became the victims of a cyberattack last week. The county - tucked in the ...
1 year ago Therecord.media
Fortifying cyber defenses: A proactive approach to ransomware resilience - Ransomware has become a pervasive threat, compromising the security and functionality of vital systems across the United States. While governmental pledges and public declarations of intent to fight cybercrime are foundational, they often lack the ...
1 year ago Helpnetsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)