Expanded attacks deployed by SideWinder APT




Numerous high-profile organizations, including government and military entities, financial companies, and telecommunications firms, across Asia and Africa have been subjected to expanded intrusions by suspected Indian state-backed advanced persistent threat operation SideWinder, also known as APT-C-17, Rattlesnake, and T-APT-04, according to The Hacker News.

According to a report from Kaspersky, SideWinder's attacks begin with spear-phishing emails carrying either a ZIP archive that contains a malicious LNK file or a malicious Office document. Opening the lure triggers a multi-stage infection chain that runs through JavaScript malware and a "Backdoor Loader" module before deploying the final payload, a sophisticated .NET implant Kaspersky calls StealerBot. StealerBot captures screenshots, logs keystrokes, exfiltrates browser-stored passwords and steals files; it can also harvest remote desktop (RDP) credentials, phish for Windows credentials and install further malware. "[SideWinder] may be perceived as a low-skilled actor due to the use of public exploits, malicious LNK files and scripts as infection vectors, and the use of public RATs, but their true capabilities only become apparent when you carefully examine the details of their operations," said Kaspersky.
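The initial vector described above, a ZIP attachment hiding a Windows shortcut, is cheap to catch at a mail gateway if you look at the bytes rather than the file name. The following is an added example written for this page, not code from Kaspersky or from the SideWinder report: it walks every member of a ZIP, identifies Shell Link (LNK) content by its 76-byte header (the fixed header size and the {00021401-0000-0000-C000-000000000046} CLSID from Microsoft's MS-SHLLINK specification), decodes the LinkFlags and ShowCommand fields, and grades the finding. The sample archive, its file names and the severity thresholds are constructed for the demonstration and are not indicators from any real campaign.

```python
import io
import struct
import zipfile
from dataclasses import dataclass

# ShellLinkHeader constants from MS-SHLLINK (public spec, not taken from the article).
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
SW_SHOWMINNOACTIVE = 7  # window opens minimised and inactive: the lure runs out of sight
LINK_FLAG_NAMES = {
    0: "HasLinkTargetIDList", 1: "HasLinkInfo", 2: "HasName", 3: "HasRelativePath",
    4: "HasWorkingDir", 5: "HasArguments", 6: "HasIconLocation", 7: "IsUnicode",
}
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt")  # assumed "looks like a document" list


@dataclass
class LnkFinding:
    entry: str
    flags: list
    show_command: int
    severity: str


def parse_lnk_header(head: bytes):
    """Return (flag names, ShowCommand) if `head` starts with a Shell Link header, else None."""
    if len(head) < LNK_HEADER_SIZE:
        return None
    header_size, clsid = struct.unpack_from("<I16s", head, 0)
    if header_size != LNK_HEADER_SIZE or clsid != LNK_CLSID:
        return None
    (link_flags,) = struct.unpack_from("<I", head, 20)   # LinkFlags sits at offset 20
    (show_command,) = struct.unpack_from("<I", head, 60)  # ShowCommand sits at offset 60
    flags = [name for bit, name in LINK_FLAG_NAMES.items() if link_flags & (1 << bit)]
    return flags, show_command


def grade(entry: str, flags, show_command: int) -> str:
    """Heuristic severity (assumed thresholds): any LNK in mail is suspect, some shapes more so."""
    stem = entry.lower()
    if stem.endswith(".lnk"):
        stem = stem[:-4]
    masquerade = stem.endswith(DOC_EXTS)  # shortcut whose visible name looks like a document
    hidden = show_command == SW_SHOWMINNOACTIVE
    if "HasArguments" in flags or hidden or masquerade:
        return "high"
    return "medium"


def scan_zip(zip_bytes: bytes) -> list:
    """Find Shell Link content in every ZIP member, by magic bytes rather than by extension."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(LNK_HEADER_SIZE)  # only the header is needed to identify an LNK
            parsed = parse_lnk_header(head)
            if parsed is None:
                continue
            flags, show_command = parsed
            findings.append(LnkFinding(info.filename, flags, show_command,
                                       grade(info.filename, flags, show_command)))
    return findings


def build_lnk_header(link_flags: int, show_command: int) -> bytes:
    """Constructed minimal 76-byte Shell Link header for the sample archive (not a real lure)."""
    return (
        struct.pack("<I16sII", LNK_HEADER_SIZE, LNK_CLSID, link_flags, 0)  # size, CLSID, LinkFlags, FileAttributes
        + b"\x00" * 24                                                     # CreationTime, AccessTime, WriteTime
        + struct.pack("<III", 0, 0, show_command)                          # FileSize, IconIndex, ShowCommand
        + struct.pack("<HHII", 0, 0, 0, 0)                                 # HotKey, Reserved1..3
    )


def sample_archive() -> bytes:
    """Constructed ZIP in the lure's shape: shortcuts posing as documents plus one benign file."""
    lure_flags = (1 << 3) | (1 << 5) | (1 << 7)  # HasRelativePath | HasArguments | IsUnicode
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_2024.pdf.lnk", build_lnk_header(lure_flags, SW_SHOWMINNOACTIVE))
        zf.writestr("notes.txt", b"plain text, not a shortcut")
        # Same LNK bytes under a misleading name: filtering on ".lnk" alone would miss this one.
        zf.writestr("Agenda.docx", build_lnk_header(1 << 7, 1))
        zf.writestr("shortcut.lnk", build_lnk_header(1 << 7, 1))  # honest name, no arguments
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_zip(sample_archive()):
        print(f"{f.severity:6} {f.entry}: flags={f.flags} ShowCommand={f.show_command}")
```

Detecting by the header rather than the extension matters because the archive member name is attacker-controlled; the HasArguments flag and a minimised-window ShowCommand are the two header fields that most often betray a shortcut built to launch a script rather than open a document. In production you would also extract the StringData arguments and the LinkTargetIDList to see what the shortcut actually runs, which this header-only check deliberately leaves out.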


