Find notable cyber news and cases, enriched with sources, timelines, and signals.

APT36 / SideCopy phishing-led campaign targeting Indian defense organizations

Campaign
First reported
Last updated
Happening score
H score 38
1 unique sources, 1 articles

Summary

Hide ▲

A phishing-led APT36 / SideCopy campaign is targeting Indian defense and government-aligned organizations, using cross-platform RATs to steal sensitive data and keep access to infected systems. The operation spans Windows and Linux environments and relies on malicious attachments or embedded download links to seed the intrusion chain.

Related Happenings

GigaWiper / BLUERABBIT destructive Windows backdoor activity

Malware Activity
H score31 First: 09.07.2026 21:08 Last: 09.07.2026 21:08 Sources 1

About this happening: The **GigaWiper / BLUERABBIT** malware activity now combines **disk wiping**, **fake ransomware**, and **spyware backdoor** functions on **Windows**, increasing the chance that on...

QuimaRAT cross-platform Java MaaS remote access trojan

Malware Activity
H score29 First: 06.07.2026 11:13 Last: 06.07.2026 11:13 Sources 1

About this happening: A new **QuimaRAT** **MaaS** offering expands cross-platform malware risk by packaging a modular **Java-based RAT** for **Windows, Linux, and macOS**. The activity matters because...

ClickFix mitigation guidance for Windows and macOS

Defensive Guidance
H score34 First: 30.06.2026 15:00 Last: 30.06.2026 15:00 Sources 1

About this happening: Organizations are being urged to harden defenses against **ClickFix** on **Windows** and **macOS**, reducing the chance that social-engineering lures can turn trusted dialogs into...

Windows cryptocurrency clipper malware using USB LNK worming and Tor C2

Malware Activity
H score29 First: 18.06.2026 17:30 Last: 18.06.2026 17:30 Sources 1

About this happening: A **Windows-based cryptocurrency clipper** has been active since **February 2026**, using **USB-delivered LNK** worming to steal wallet data and reroute payments. The malware adds...

SprySOCKS Windows backdoor activity against government organizations

Malware Activity
H score23 First: 16.06.2026 12:00 Last: 16.06.2026 12:00 Sources 1

About this happening: **SprySOCKS** now has documented **Windows variants**, **WIN_DRV** and **WIN_PLUS**, expanding a toolset first known as a **Linux-only backdoor**. The activity is tied to **govern...

Timeline

  1. 11.02.2026 16:52 2 articles · 4mo ago

    APT36 and SideCopy phishing campaigns target Indian defense-linked organizations

    Initial Disclosure

    APT36 and SideCopy phishing campaigns targeted Indian defense, government, policy, research, critical infrastructure, and defense-adjacent organizations with phishing emails that use malicious attachments or embedded links to deliver Geta RAT, Ares RAT, and DeskRAT across Windows and Linux. The intrusion chains rely on LNK, ELF, HTA, shell-script, and rogue PowerPoint Add-In delivery to establish persistent remote access, collect credentials and system data, capture screenshots, run arbitrary commands, and sustain long-term espionage using compromised or trusted infrastructure.

    Show sources