APT36, a group aligned with Pakistani interests, has been targeting Indian defense organizations. It focuses particularly on Linux-based malware as the Indian military transitions from Windows, using ELF binaries for distribution. Researchers believe the group is connected to the Pakistani government, based on indicators such as the use of a Pakistani IP address, Pakistani time settings, and the submission of a file from Multan, Pakistan. A campaign aimed at government agencies and defense industries has been ongoing since late 2023, indicating a persistent threat.

Pakistani-Aligned APT36 Targets Indian Defense Organizations

The threat cluster used spear-phishing emails, popular web services, and domains mimicking those of Indian defense organizations to distribute malware, posing a long-term security risk.