Cloudy With a Chance of RATs: Unveiling APT36 and The Evolution of ElizaRAT
APT36, also known as Transparent Tribe, is a Pakistan-based threat actor that became notorious for persistently targeting Indian government organizations, diplomatic personnel and military facilities. APT36 has executed numerous cyber-espionage campaigns against Windows, Linux and Android systems.
In a recent campaign, the actor used a particularly insidious Windows RAT known as ElizaRAT. First discovered in 2023, ElizaRAT has undergone significant evolution: its capabilities to evade detection have been enhanced, and the reliability of its command and control (C&C) communication, a key aspect of its development, has been improved.
This presentation will focus on the evolution of ElizaRAT, examining the various payloads and infrastructures employed by APT36. We will detail the advantages and limitations of their campaigns and offer a fresh perspective on tracking this threat actor.
Itan Delshad – Check Point Software
Itan is a seasoned threat researcher currently working at Check Point Research (CPR). With 5 years of military experience as a malware researcher and SOC analyst, Itan has a strong foundation in cybersecurity. After transitioning from the military, Itan spent two years in the government sector, where he developed a deep passion for threat intelligence. This journey ultimately led him to his current role at Check Point, where he continues to leverage his extensive expertise in the field.