Seqrite

APT36 and SideCopy Launch Cyber Campaign Linked to Operation Sindoor Targeting Indian Critical Infrastructure with Ares and Crimson RAT

On May 7, 2025, Pakistan-affiliated threat groups APT36 and SideCopy initiated a cyber campaign linked to Operation Sindoor supported by state sponsorship. The operation targeted India's critical infrastructure sectors.

Swan Vector APT: Targeting Taiwan & Japan with DLL Implants

A newly identified APT campaign, dubbed “Swan Vector,” has been targeting educational and mechanical engineering sectors in East Asia, particularly Taiwan and Japan. The campaign employs spearphishing emails with malicious ZIP attachments

Operation HollowQuill Targets Russian R&D Networks via Decoy PDFs to Deploy Cobalt Strike Implant

The infection chain begins with a malicious RAR archive containing a .NET-based malware dropper disguised as official research invitations from the Ministry of Science and Higher Education of Russia.

New Steganographic Campaign Found Distributing Multiple Malware Variants

The campaign was found distributing Remcos and AsyncRAT via phishing emails with malicious Excel files. These exploit vulnerabilities, download disguised JPGs with encoded payloads, and use process hollowing to steal data and maintain control.
November 6, 2023

SideCopy APT's Multi-Platform Onslaught Targets Indian Government and Defense Entities

SideCopy is employing phishing tactics and using compromised domains with reused IP addresses to distribute malicious files and deploy malware, including a Linux variant of the Ares RAT, indicating a multi-platform approach in their attacks.
