Pakistan-linked threat actor SideCopy, with documented overlap with APT36, has deployed Xeno RAT v1.8.7, DeskRAT, and a Golang ELF implant against Afghanistan’s Ministry of Finance in a targeted espionage operation. Organizations tracking South Asian threat actors, operating in the region, or sharing intelligence infrastructure with Afghan government counterparts face elevated risk of related activity.