About the incident APT36 usually focuses on using the same TTP (tactics, techniques, and procedures) except in a few cases where it uses different strategies for unique programs.
Some key highlights-According to the reports, APT36 has sharpened its tools and activities. It involves attacking campaigns on a much larger scale and specifically targeting Afghanistan.
Usually, APT36 uses 'custom.net' malware, commonly known as 'crimson rat.' APT36 has been using other malware recently, including python-based 'Peppy rat.'
In the period between June2019-June2020, 200 samples were collected, which showed the Transparent Tribe Commission's components.
Mode of operation APT36 uses spear-phishing emails containing MS-Office files, which are encoded with the malware. After successful execution, the malware can steal sensitive information, private credentials, capture screenshots, steal logs and keys, and regulate the microphone and webcam.
Besides this, APT36 also uses the USBworm. It is a multipurpose malware that can steal information and function as a worm to attack any network and exploit vulnerabilities.
APT36 attacks
APT36 attacked Indian railways in June and stole important informationEarlier this year, APT36 deployed spear-phishing emails, posing to work as an authentic communication of government of India
Cybersecurity experts have observed that APT36's primary targets include military and diplomacy from the past one year. According to them, the attacks will not decrease in the foreseeable future; on the other hand, they expect it to rise. ..
Support the originator by clicking the read the rest link below.