APT36 intensifies its attacks with the evolution of ElizaRAT

The APT36 cyber threat group, also known as Transparent Tribe, has intensified its espionage campaigns against government, diplomatic and military entities in India through the use of a malware known as ElizaRAT. This malware, initially identified in 2023, has evolved in its communications evasion and control techniques, employing cloud services such as Telegram, Google Drive and Slack to hide its operations. APT36 has deployed multiple versions of ElizaRAT, each designed to collect information from infected devices and communicate with its command and control (C2) server. Recent variants include ApolloStealer, an additional module that focuses on stealing specific files, using an internal database and uploading them to the attacker’s server. Campaigns have spread using phishing methods, with files mimicking official documents, to infect victims’ systems.