TL;DR
APT36 and SideCopy are launching multi-platform RAT campaigns against Indian entities, compromising both Windows and Linux systems. Malware families such as Geta RAT, Ares RAT, and DeskRAT are involved in these attacks.
What happened
- APT36 and SideCopy target the Indian defense sector and government-aligned organizations
- Campaigns deploy cross-platform RAT malware on Windows and Linux environments
- Malware steals sensitive data and maintains persistent access to infected machines
Why it matters for ops
- Stealthy nature of RATs makes them hard to detect
- Sophistication in attack vectors allows targeting of both major OS types
- Infection can go undetected for long periods, compromising security continuously
Mitigation
- Implement strict access controls for sensitive data
- Use advanced endpoint protection solutions with behavioral analytics
- Regularly patch and update systems against known vulnerabilities
- Enhance network monitoring to detect unusual outbound communications
Action items
- Conduct thorough security audits of Windows and Linux environments
- Review firewall rules to block suspicious traffic patterns
- Increase scrutiny on data exfiltration attempts via network analysis
- Educate employees about the risks of cross-platform malware
Detection IOCs
- Geta RAT malware signatures
- Ares RAT activities on network traffic
- DeskRAT infection patterns
- Unusual outbound connections from compromised hosts
Source link
https://thehackernews.com/2026/02/apt36-and-sidecopy-launch-cross.html