The Sidewinder offensive cyber crew, described as a highly prolific APT group, has expanded its targets to include maritime and nuclear organizations, particularly in South Asia. Originally focused on government and military sectors in various regions, Sidewinder's recent activities in Djibouti and Egypt highlight a strategic shift. The group, founded in 2012 and believed to have links to India, continues to employ a consistent attack methodology involving spear-phishing and exploiting vulnerabilities, such as CVE-2017-11882. Notably, their StealerBot implant remains central to their operations even as they refine their tactics.
The attacker sends spear-phishing emails with a DOCX file attached, using remote template injection to download an RTF file that exploits a known vulnerability.
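The remote template injection step above leaves a footprint that defenders can check for before a document ever reaches a user: a DOCX is a zip archive, and a document that pulls its template from the network carries an `attachedTemplate` relationship with `TargetMode="External"` in `word/_rels/settings.xml.rels`. The script below is an added example written for this summary, not code from the original report or from any tool it mentions. It scans every relationship part in a DOCX for such external template references and flags them; the `build_sample_docx` helper is a constructed test fixture (not a real Sidewinder document) that contains only the parts the detector reads, and the `template.example` URL is a placeholder.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Optional

# Relationship type Word uses to link a document to its attached template.
ATTACHED_TEMPLATE_REL = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
URL_SCHEME = re.compile(r"^(https?|ftp|file)://", re.IGNORECASE)


def find_external_templates(docx_bytes: bytes) -> List[str]:
    """Return 'part: target' strings for every attachedTemplate relationship
    that points outside the package.

    A benign document has no attachedTemplate relationship, or one whose target
    is a local path. TargetMode="External" (or a URL target) means Word will
    fetch the template over the network when the file is opened, which is the
    remote-template-injection pattern.
    """
    findings: List[str] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            # Relationship parts live under */_rels/ and end in .rels
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(z.read(name))
            except ET.ParseError:
                continue  # malformed part: nothing to inspect here
            for rel in root.findall(f"{{{RELS_NS}}}Relationship"):
                if rel.get("Type") != ATTACHED_TEMPLATE_REL:
                    continue
                target = rel.get("Target", "")
                if rel.get("TargetMode") == "External" or URL_SCHEME.match(target):
                    findings.append(f"{name}: {target}")
    return findings


def build_sample_docx(template_target: Optional[str], external: bool = True) -> bytes:
    """Constructed fixture: a minimal DOCX-shaped zip used only to exercise the
    detector. It carries just enough structure to be parsed, not a real document."""
    rels = [
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>',
        f'<Relationships xmlns="{RELS_NS}">',
    ]
    if template_target is not None:
        mode = ' TargetMode="External"' if external else ""
        rels.append(
            f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE_REL}" '
            f'Target="{template_target}"{mode}/>'
        )
    rels.append("</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types '
                   'xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("word/document.xml", '<?xml version="1.0"?><w:document '
                   'xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        z.writestr("word/_rels/settings.xml.rels", "\n".join(rels))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: one remote template, one local template, one with none.
    for label, doc in [
        ("remote", build_sample_docx("http://template.example/t.dotm")),
        ("local", build_sample_docx("Normal.dotm", external=False)),
        ("none", build_sample_docx(None)),
    ]:
        print(label, find_external_templates(doc) or "clean")
```

In a mail gateway or sandbox pipeline the same check can run on every inbound Office attachment; a hit is a strong signal on its own, and the target host name is a useful pivot for blocking and for hunting other deliveries that used the same template server.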
Researchers have noted a shift in Sidewinder's tactics with a growing focus on nuclear energy organizations in South Asia, expanding from previous government and military targets.