SideWinder, a prolific APT group, targeted military and government entities across South and Southeast Asia, the Middle East, and Africa in 2024.
They expanded their activity to maritime infrastructure, logistics companies, and the nuclear energy sector, with a focus on countries such as Djibouti and Egypt and on South Asia.
The group constantly updates its toolset, alters infection techniques, and counters security software detections with new malware versions within hours of being identified.
In 2024, SideWinder extensively targeted the maritime and logistics sectors, using spear-phishing emails carrying malicious DOCX files that exploit the CVE-2017-11882 vulnerability.
The infection flow involved multi-level processes to install malware like 'StealerBot,' designed for espionage purposes.
Various themed malicious documents, including those related to nuclear power plants and maritime infrastructures, were used in the attacks.
The malware components included anti-analysis techniques, sophisticated loaders, and updated versions to evade detections.
SideWinder targeted diverse sectors beyond government and military, affecting industries like telecommunications, consulting, IT services, real estate, and hotels.
Countries targeted in 2024 include Bangladesh, Cambodia, Indonesia, Myanmar, Pakistan, Sri Lanka, and the UAE, along with diplomatic entities in Afghanistan, Algeria, China, Saudi Arabia, and others.
To mitigate the threat from SideWinder, patch management, comprehensive security solutions, employee training, and monitoring are recommended to safeguard critical assets against sophisticated attacks.
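The initial access described above (a DOCX lure that triggers CVE-2017-11882, a flaw in the Microsoft Office Equation Editor component) and the monitoring recommendation both come down to the same defensive check: inspect inbound Office documents for embedded OLE objects before a user opens them. The script below is an added example written for this page, not code from the report or from any vendor product. It unpacks a DOCX (an OOXML zip), collects the ProgIDs of declared OLE objects, lists embedded binaries that carry an OLE2 compound-file header, and records relationship targets that point outside the package. The sample document it scans is constructed in memory and contains no exploit, only the structural markers a triage rule keys on; the flag thresholds in verdict() are an assumed, illustrative policy rather than anything the report specifies.

```python
import io
import re
import zipfile

# OLE2 / Compound File Binary header; embedded objects in word/embeddings/ start with it
CFB_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
# <o:OLEObject ... ProgID="Equation.3" .../> inside word/document.xml and similar parts
PROGID_RE = re.compile(r'ProgID="([^"]+)"')
# Relationships that resolve outside the package (remote templates, remote objects)
EXTERNAL_RE = re.compile(r'<Relationship[^>]*TargetMode="External"[^>]*/?>')
TARGET_RE = re.compile(r'Target="([^"]+)"')


def scan_docx(data: bytes) -> dict:
    """Collect OLE-related indicators from a DOCX byte string for mail-gateway triage."""
    findings = {"progids": [], "embeddings": [], "external_targets": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if name.startswith("word/embeddings/"):
                # Only count blobs that really are OLE2 containers
                if zf.read(name).startswith(CFB_MAGIC):
                    findings["embeddings"].append(name)
            elif name.endswith(".rels"):
                text = zf.read(name).decode("utf-8", errors="replace")
                for rel in EXTERNAL_RE.findall(text):
                    target = TARGET_RE.search(rel)
                    if target:
                        findings["external_targets"].append(target.group(1))
            elif name.startswith("word/") and name.endswith(".xml"):
                text = zf.read(name).decode("utf-8", errors="replace")
                findings["progids"].extend(PROGID_RE.findall(text))
    # Equation.2 / Equation.3 are the Equation Editor ProgIDs tied to CVE-2017-11882
    findings["flag_equation_editor"] = any(p.startswith("Equation.") for p in findings["progids"])
    findings["flag_external"] = bool(findings["external_targets"])
    return findings


def verdict(findings: dict) -> str:
    """Assumed triage policy: Equation Editor objects are quarantined outright,
    any other OLE embedding or external link goes to an analyst, else clean."""
    if findings["flag_equation_editor"]:
        return "quarantine"
    if findings["embeddings"] or findings["progids"] or findings["flag_external"]:
        return "review"
    return "clean"


def scan_file(path: str) -> dict:
    """Convenience wrapper for scanning a document on disk."""
    with open(path, "rb") as fh:
        return scan_docx(fh.read())


def build_sample_docx(progid: str = "Equation.3", external: bool = False) -> bytes:
    """Constructed minimal DOCX for testing the scanner. It is not a lure document:
    the embedded object is an empty OLE2 header, and only the parts the scanner reads exist."""
    document_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
        'xmlns:o="urn:schemas-microsoft-com:office:office" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        '<w:body><w:p><w:r><w:object>'
        f'<o:OLEObject Type="Embed" ProgID="{progid}" ObjectID="_1" r:id="rId1"/>'
        '</w:object></w:r></w:p></w:body></w:document>'
    )
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/'
        'relationships/oleObject" Target="embeddings/oleObject1.bin"/>'
    )
    if external:
        # Placeholder host; a real sample would carry the attacker's URL here
        rels += (
            '<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/'
            'relationships/attachedTemplate" Target="http://placeholder.invalid/template.dotm" '
            'TargetMode="External"/>'
        )
    rels += "</Relationships>"
    ole_blob = CFB_MAGIC + b"\x00" * 504  # header-only stand-in for an OLE stream
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        zf.writestr("word/document.xml", document_xml)
        zf.writestr("word/_rels/document.xml.rels", rels)
        zf.writestr("word/embeddings/oleObject1.bin", ole_blob)
    return buf.getvalue()


if __name__ == "__main__":
    for kwargs in ({}, {"progid": "Package", "external": True}):
        result = scan_docx(build_sample_docx(**kwargs))
        print(verdict(result), result)
```

In production this check sits at the mail gateway or in an EDR file-scan hook, and the "quarantine" outcome should also generate a detection event so the spear-phishing wave itself becomes visible to the SOC, which is the monitoring the report recommends. Because the group reissues malware within hours of detection, a structural rule like this (ProgID and embedded-object presence) holds up better than hashes of individual lure documents.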