As per reports, the Cyber Threat Intelligence and Discovery Firm (CYFIRMA), a cybersecurity company, has attributed this threat with medium confidence to APT36, also known as Transparent Tribe, an advanced persistent threat (APT) group that has been identified in a campaign targeting Indian users.
The group has reportedly created a fake website, postindia[.]site, that mimics India’s public sector postal system. Windows users are prompted to download a PDF document, while Android users are served a malicious application package file (“indiapost.apk”).