{"id":231162,"date":"2026-02-12T05:30:00","date_gmt":"2026-02-12T11:30:00","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/02\/apt36-and-sidecopy-launch-cross-platform-rat-campaigns-against-indian-entities"},"modified":"2026-02-12T05:30:00","modified_gmt":"2026-02-12T11:30:00","slug":"apt36-and-sidecopy-launch-cross-platform-rat-campaigns-against-indian-entities","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/02\/apt36-and-sidecopy-launch-cross-platform-rat-campaigns-against-indian-entities","title":{"rendered":"APT36 and SideCopy Launch Cross-Platform RAT Campaigns Against Indian Entities"},"content":{"rendered":"

<\/a><\/p>\n

Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines.<\/p>\n

The campaigns are characterized by the use of malware families like Geta RAT<\/a>, Ares RAT<\/a>, and DeskRAT<\/a>, which are often attributed to Pakistan-aligned threat clusters tracked as SideCopy and APT36 (aka Transparent Tribe). SideCopy, active since at least 2019, is assessed to operate as a subdivision of Transparent Tribe.<\/p>\n

\u201cTaken together, these campaigns reinforce a familiar but evolving narrative,\u201d Aditya K. Sood, vice president of Security Engineering and AI Strategy at Aryaka, said<\/a>. \u201cTransparent Tribe and SideCopy are not reinventing espionage \u2013 they are refining it.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"

Indian defense sector and government-aligned organizations have been targeted by multiple campaigns that are designed to compromise Windows and Linux environments with remote access trojans capable of stealing sensitive data and ensuring continued access to infected machines. The campaigns are characterized by the use of malware families like Geta RAT, Ares RAT, and DeskRAT, which [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,1490,6],"tags":[],"class_list":["post-231162","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-government","category-robotics-ai"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/231162","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=231162"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/231162\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=231162"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=231162"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=231162"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}