Threat Intelligence, Phishing, Vulnerability Management

Sidewinder APT shifts targeting in new intrusions


Maritime organizations and nuclear energy entities, especially in South Asia, are increasingly being targeted by Sidewinder, a suspected Indian state-sponsored advanced persistent threat operation. The shift marks an evolution in the group's targeting, which had previously concentrated on Chinese, Pakistani, Sri Lankan, and African government and military organizations, The Register reports.

Sidewinder's intrusions still begin with spear-phishing emails carrying a DOCX file, which downloads an RTF file that exploits the Microsoft Office memory corruption vulnerability tracked as CVE-2017-11882. The RTF delivers the continuously improved Backdoor Loader, which in turn deploys the StealerBot payload, according to an analysis from Kaspersky.
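The chain above (DOCX pulling a remote RTF, RTF abusing the Equation Editor component behind CVE-2017-11882) leaves static artifacts a defender can look for before either file is opened. The following triage script is an added example and is not from the article, Kaspersky, or The Register. It assumes the DOCX fetches the RTF through an external package relationship (the attachedTemplate type is the usual case) and that the RTF embeds an Equation Editor OLE object; the DOCX fixture, the `example.invalid` URL and the RTF sample are constructed here purely to exercise the checks and contain no exploit content.

```python
"""Static triage for a DOCX-to-RTF document chain, written from a defender's stance.

Two checks:
  1. docx_external_targets(): list every package relationship whose
     TargetMode is "External", i.e. content the document will fetch from
     elsewhere (a remote template is how a DOCX "downloads" another file).
  2. rtf_equation_indicators(): look for Equation Editor OLE markers in an
     RTF, the component abused by CVE-2017-11882.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

PKG_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)

# Indicators searched in RTF bodies. Hex strings are how OLE data appears in \objdata:
#   - "Equation.3" / "Equation.2" as hex-encoded ASCII (OLE1 class name)
#   - Microsoft Equation 3.0 CLSID {0002CE02-0000-0000-C000-000000000046}, little-endian
RTF_PATTERNS = [
    ("objclass_equation", re.compile(rb"\\objclass\s*Equation\.[23]")),
    ("objdata_equation_ascii", re.compile(rb"4571756174696f6e2e3[23]", re.I)),
    ("equation3_clsid", re.compile(rb"02ce020000000000c000000000000046", re.I)),
]


def docx_external_targets(docx_bytes: bytes) -> list[dict]:
    """Return every external relationship found in the package's .rels parts.

    Each hit records the part it came from, the relationship type and the
    target. An attachedTemplate relationship pointing at an http(s) URL is
    the pattern worth escalating; local template paths are listed but not flagged.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(zf.read(name))
            for rel in root.iter(f"{{{PKG_NS}}}Relationship"):
                if rel.get("TargetMode") != "External":
                    continue
                rel_type = rel.get("Type", "")
                target = rel.get("Target", "")
                hits.append({
                    "part": name,
                    "type": rel_type.rsplit("/", 1)[-1],
                    "target": target,
                    "remote_template": rel_type == ATTACHED_TEMPLATE
                    and target.lower().startswith(("http://", "https://")),
                })
    return hits


def rtf_equation_indicators(rtf_bytes: bytes) -> list[str]:
    """Names of Equation Editor indicators present in an RTF.

    Hex inside \\objdata may be split by whitespace and newlines (RTF ignores
    both), so a whitespace-stripped copy is searched as well. Heavier
    obfuscation (junk control words interleaved in the hex) needs a real RTF
    parser and is not handled here.
    """
    flat = re.sub(rb"\s+", b"", rtf_bytes)
    return [name for name, pat in RTF_PATTERNS
            if pat.search(rtf_bytes) or pat.search(flat)]


def build_sample_docx(template_url: str) -> bytes:
    """Constructed fixture: a minimal package whose settings part carries an
    external attachedTemplate relationship. Not a real document."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Relationships xmlns="{PKG_NS}">'
        f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
        f'Target="{template_url}" TargetMode="External"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/settings.xml", "<settings/>")
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


# Constructed RTF: an OLE1 header naming the Equation.3 class, nothing else.
SAMPLE_RTF = (
    b"{\\rtf1\\ansi{\\object\\objemb{\\*\\objclass Equation.3}"
    b"{\\*\\objdata 01050000 02000000 0b000000\n"
    b"4571756174696f6e2e3300}}\\par}"
)

if __name__ == "__main__":
    for hit in docx_external_targets(build_sample_docx("http://example.invalid/t.rtf")):
        print("DOCX external relationship:", hit)
    print("RTF indicators:", rtf_equation_indicators(SAMPLE_RTF))
```

Run it against a suspicious attachment pair and escalate when the DOCX reports `remote_template: True` or the RTF returns any indicator; the absence of a hit is not a clean bill of health, since the RTF side in particular is routinely obfuscated beyond what simple pattern matching catches.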

Despite its reliance on phishing and an old security flaw, Sidewinder is regarded by Kaspersky researchers as a sophisticated threat group.

"Sidewinder has already demonstrated its ability to compromise critical assets and high-profile entities, including those in the military and government. We know [of] the group's software development capabilities, which became evident when we observed how quickly they could deliver updated versions of their tools to evade detection, often within hours," researchers added.
