Maritime facilities and ports in Bangladesh, Egypt, Myanmar, Nepal, Pakistan, Sri Lanka, and the Maldives have been subjected to spear-phishing attacks by suspected Indian state-sponsored threat operation SideWinder as part of a new cyberespionage campaign, reports The Hacker News.
Attacks by SideWinder, also known as APT-C-17, Razor Tiger, Baby Elephant, and Rattlesnake, involved the delivery of spear-phishing emails with sexual harassment, salary reduction, and employee termination lures that include malicious Word documents, an analysis from the BlackBerry Research and Intelligence Team revealed. Opening the files would trigger exploitation of the CVE-2017-0199 vulnerability to communicate with a domain spoofing Pakistan's Directorate General Ports and Shipping and fetch an RTF file, which leverages an old Microsoft Office Equation Editor bug, tracked as CVE-2017-11882, to execute shellcode that launches JavaScript code, researchers said. "The SideWinder threat actor continues to improve its infrastructure for targeting victims in new regions. The steady evolution of its network infrastructure and delivery payloads suggests that SideWinder will continue its attacks in the foreseeable future," said BlackBerry.