Transparent Tribe, also known as APT36, has been observed targeting Indian government systems running both Windows and Linux BOSS through spear-phishing emails that deliver weaponized desktop shortcut files, which download and execute malicious payloads. Transparent Tribe and its sub-cluster SideCopy have a long history of using remote access trojans against Indian institutions, often relying on typo-squatted domains and Pakistan-based servers. Separately, another group, SideWinder, has been linked to credential-theft campaigns across the region, using spoofed login pages designed to mimic official government communications.