The notorious SideWinder threat actor group has launched a new cyberespionage campaign targeting maritime facilities in a specific region. The success of this campaign once again highlights the vulnerability of humans in cybersecurity, as it heavily relies on social engineering tactics.
SideWinder Campaign Targets Maritime Facilities
A recent discovery by researchers from the BlackBerry Threat Research and Intelligence team reveals a malicious campaign by the SideWinder group targeting ports and maritime services. This attack showcases the group’s advanced capabilities and sophisticated infrastructure for precise targeting.
The attack begins with spearphishing tactics, where employees of the target firms are tricked into opening malicious attachments in phishing emails. These attachments often contain sensitive messages that can easily deceive unsuspecting employees.
The malware then infects the target system, establishing a foothold through various stages. Exploiting the known vulnerability CVE-2017-0199, the threat actors aim to target unpatched systems.
This isn’t the first time CVE-2017-0199 has been exploited, as previous threat actors have used it to deploy backdoors against various targets, including crypto startups and air-gapped systems.
For more technical details on the recent SideWinder cyberespionage campaign, refer to the researchers’ blog post.
The victims of this campaign primarily include ports and maritime facilities in the Indian Ocean and Mediterranean Sea, spanning countries like Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and the Maldives.
SideWinder, also known as Razor Tiger, Rattlesnake, and T-APT-04, is a well-known APT group that has been active since 2012. Allegedly originating from India, the state actors frequently target military, government, and business organizations in neighboring countries such as Afghanistan, China, Nepal, and Pakistan.
Share your thoughts in the comments section below.