Threat Management, Vulnerability Management, Email security

SideWinder APT attack infrastructure examined

Suspected Indian state-sponsored threat operation SideWinder has been discovered to have an attack infrastructure with 55 phishing domains and IP addresses impersonating organizations in the government, news media, financial, and telecommunications sectors, according to The Hacker News. China, Pakistan, Afghanistan, Sri Lanka, Bangladesh, Singapore, Myanmar, Qatar, and the Philippines were the most frequent targets of SideWinder, which was observed to use domains masquerading Chinese, Pakistani, and Indian government agencies to deploy next-stage payloads, a joint Group-IB and Bridewell report revealed. SideWinder has also leveraged LNK files that facilitate the deployment of HTML applications impersonating a Nepalese government website and Tsinghua University's email system. Moreover, a malicious Android APK file masquerading as a Ludo Game has also been used by the operation to enable device access and act as spyware. "Like many other APT groups, SideWinder relies on targeted spear-phishing as the initial vector. It is therefore important for organizations to deploy business email protection solutions that detonate malicious content," said researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.