APT36 Targets Indian Defense Research And Development Organization (DRDO)

March 29, 2023

A recent APT36 campaign began with spam email which contained a link to a malicious file hosted on a compromised website. Mshta.exe was then used to connect to a specific URL and execute a Microsoft HTML Application file which decoded and decompressed a PowerPoint file within a temporary folder. The PPT file then loaded a DLL file into memory which was triggered using the DynamicInvoke method. The final payload was remote access trojans used to exfiltrate sensitive information including clipboard data screenshots keystrokes and a list of files and folders.

Featured Resources

View More Resources

blog

Shai-Hulud 2.0: NPM Supply Chain Attack Exposes the SDLC's Weakest Link

Idan Sherman, Security Researcher Executive summary The "Shai-Hulud" supply chain campaign has returned, striking harder and smarter than before. This

blog

Top 5 Must-Have Features in an Exposure Management Platform

Security teams are under growing pressure to reduce risk faster and prove resilience continuously. Attack surfaces expand with every new

Solution Brief

Continuous Wiz Validation and Optimization

Make CTEM actionable with continuous threat validation that proves and improves your real-world resilience.

APT36 Targets Indian Defense Research And Development Organization (DRDO)

Featured Resources

Shai-Hulud 2.0: NPM Supply Chain Attack Exposes the SDLC's Weakest Link

Top 5 Must-Have Features in an Exposure Management Platform

<img width="169" height="102" src="https://cymulate.com/uploaded-files/2023/08/Wiz-Defend_Certified-Integration-1.svg" alt="" class="kb-img wp-image-31752"/> Continuous Wiz Validation and Optimization

Continuous Wiz Validation and Optimization