APT36 / SideCopy phishing-led campaign targeting Indian defense organizations

Type: Campaign
Happening score: 48
1 unique source, 1 article

Summary

A phishing-led APT36 / SideCopy campaign is targeting Indian defense and government-aligned organizations, using cross-platform RATs to steal sensitive data and keep access to infected systems. The operation spans Windows and Linux environments and relies on malicious attachments or embedded download links to seed the intrusion chain.

Timeline

  1. 11.02.2026 16:52 2 articles · 3mo ago

    APT36 and SideCopy phishing campaigns target Indian defense-linked organizations

    Initial Disclosure

    APT36 and SideCopy phishing campaigns targeted Indian defense, government, policy, research, critical infrastructure, and defense-adjacent organizations with phishing emails that used malicious attachments or embedded links to deliver Geta RAT, Ares RAT, and DeskRAT across Windows and Linux. The intrusion chains relied on LNK, ELF, HTA, shell-script, and rogue PowerPoint Add-In delivery to establish persistent remote access, collect credentials and system data, capture screenshots, run arbitrary commands, and sustain long-term espionage using compromised or trusted infrastructure.