Stealth, Spies, and Spyware: Pakistan’s APT36 Back in Indian Cyberspace

The420 Web Desk

In response to escalating cyber threats from the Pakistan-linked hacking group APT36, the Chandigarh Police Cyber Cell has sounded a nationwide alert. Known for its relentless espionage campaigns targeting Indian defence and critical sectors, APT36 is now being flagged as a serious danger to national security and digital integrity.

A Shadow Network Intensifies Espionage Campaigns

Chandigarh Police’s Cyber Cell has raised red flags over renewed activity by the Pakistan-based Advanced Persistent Threat group APT36, also known as Transparent Tribe. According to senior cybercrime officials, this group has a long-standing record of cyber espionage against India, specifically targeting military personnel, government departments, think tanks, and diplomatic missions.

Authorities say the alert comes after detecting a spike in phishing campaigns and malware-laced communications traced back to APT36’s infrastructure. These campaigns often masquerade as official government communication, defense updates, or even COVID-19 advisories to dupe unsuspecting victims. In the past, fake domains resembling Indian government portals and spoofed email IDs have been used to harvest credentials and gain persistent access to internal networks.

The Chandigarh Police cyber unit, backed by inputs from national agencies, believes APT36’s activity is aimed at gathering strategic intelligence, potentially disrupting critical operations and exploiting geopolitical tensions.

Targets Include Military, Academia, and Infrastructure

APT36 has evolved significantly in both scope and sophistication. Cybersecurity experts describe the group’s toolkit as consisting of custom-made Remote Access Trojans (RATs), Android spyware, and social engineering techniques tailored to exploit specific psychological and operational weaknesses in Indian institutions.

Its most notorious campaigns have involved spear-phishing attempts on Indian Army officials, with attackers embedding malware into defense-related documents and compromising secure email threads. The group has also been linked to infiltration attempts at Indian research organizations and power grid companies — a signal that the threat has expanded from surveillance to potential sabotage.

Researchers have found that APT36 frequently updates its malware arsenal. The group uses tools like Crimson RAT and CapraRAT — malware capable of stealing keystrokes, taking screenshots, recording audio, and hijacking webcams, posing an existential risk to national data integrity.

Cyber Hygiene: The First Line of Defense

The Chandigarh Police advisory emphasizes a series of digital hygiene measures to counteract APT36’s tactics. These include:

  • Avoiding suspicious email attachments or links, especially those with national security keywords.
  • Verifying the authenticity of sender identities before engaging.
  • Updating operating systems and antivirus software regularly.
  • Employing endpoint protection systems and firewall configurations.
  • Training employees in recognizing social engineering red flags.

Officials have also urged organizations, particularly those in defense, research, and infrastructure, to conduct regular audits, implement Multi-Factor Authentication (MFA), and segregate critical systems from internet-facing environments.

“APT36 is not just a cybercriminal syndicate; it’s a geopolitical threat actor. Its objective is not merely financial theft but long-term strategic compromise,” said a senior cyber analyst familiar with the threat landscape.