Security News > 2022 > March > Hackers use modified MFA tool against Indian govt employees
A new campaign from the hacking group tracked as APT36, aka 'Transparent Tribe' or 'Mythic Leopard', has been discovered using new custom malware and entry vectors in attacks against the Indian government.
The threat actor, which is based in Pakistan, has been active since at least 2016, and its targets have historically been almost exclusively Indian defense and government entities.
The most interesting aspect of the new campaign is the use of malware-laced Kavach authentication apps targeting employees of the Indian government.
The app is used extensively by military personnel and Indian government employees who need to access IT resources like email services or databases.
The fake Kavach installers are distributed via counterfeit websites that clone legitimate Indian government sites, like that of the Defense Service Officers' Institute.
In 2021, APT36 also used ObliqueRAT in very narrowly targeted attacks against government personnel; the infection vector then was emails with VBS-laced documents.