Technology

Cyber criminals’ group “Sidewinder” targets Pakistan with new espionage tool

Published by
Staff Reporter

ISLAMABAD: SideWinder, also known as T-APT-04 or RattleSnake, is one of the most prolific APT groups that started operations in 2012. Over the years, it has primarily targeted military and government entities in Pakistan, Sri Lanka, China, and Nepal, as well as other sectors and countries in South and Southeast Asia.

Targets include government and military entities, logistics, infrastructure, and telecommunications companies, financial institutions, universities, and oil trading companies.

Recently, the Kaspersky Global Research and Analysis Team (GReAT) has detected that the SideWinder APT group is expanding its attack operations into the Middle East and Africa, utilizing a previously unknown espionage toolkit called ‘StealerBot’.

Kaspersky discovered that recent campaigns were targeting high-profile entities and strategic infrastructures in these regions, while the campaign, in general, remains active and may target other victims.

Besides the geographical expansion, Kaspersky discovered that SideWinder is using a previously unknown post-exploitation toolkit called ‘StealerBot’.

This is an advanced modular implant designed specifically for espionage activities. During its latest investigation, Kaspersky observed that StealerBot is performing a range of malicious activities, such as installing additional malware, capturing screenshots, logging keystrokes, stealing passwords from browsers, intercepting RDP (Remote Desktop Protocol) credentials, exfiltrating files, and more.

“In essence, StealerBot is a stealthy espionage tool that allows threat actors to spy on systems while avoiding easy detection. It operates through a modular structure, with each component designed to perform a specific function.

Notably, these modules never appear as files on the system’s hard drive, making them difficult to trace. Instead, they are loaded directly into the memory., says Giampaolo Dedola, lead security researcher at Kaspersky’s GReAT.

Kaspersky first reported on the group’s activities in 2018. This actor is known to rely on spear-phishing emails as its main infection method, containing malicious documents exploiting Office vulnerabilities and occasionally making use of LNK, HTML, and HTA files that are contained in archives.

The documents often contain information obtained from public websites, which is used to lure the victim into opening the file and believing it to be legitimate. Kaspersky observed several malware families being used within parallel campaigns, including both custom-made and modified, publicly available RATs.

To mitigate threats related to APT activities, Kaspersky experts recommend equipping your organization’s information security experts with the latest insights and technical details, such as from the Kaspersky Threat Intelligence Portal.

Use robust solutions for endpoints and to detect advanced threats on the network, such as Kaspersky Next and Kaspersky Anti Targeted Attack Platform. Educate employees to recognize cybersecurity threats such as phishing letters.
Read more on Securelist.

Staff Reporter

Recent Posts

When will Safar moon be sighted? SUPARCO predicts

ISLAMABAD: According to Pakistan Space and Upper Atmosphere Research Commission (SUPARCO), the new moon of…

43 minutes ago

11 died as house collapses in Kohat after heavy rains

KOHAT: A residential house collapsed due to heavy rain in the Malgin area of ​​Lachi…

1 hour ago

Alternative to the Strait of Hormuz Ready: UAE Decides to Build New Port

ABU DHUBAI: The United Arab Emirates has prepared a plan to establish a new multi-purpose port…

1 hour ago

Afghan Women’s refugee team could Play International matches by 2030

DUBAI: The International Cricket Council (ICC) is considering plans that could allow the Afghan women's…

2 hours ago

US-Iran tensions spark fears of fuel price hike in Pakistan

ISLAMABAD: Escalating tensions between the United States and Iran have once again unsettled global oil…

2 hours ago

ICC Arbitration Puts Pakistan’s Energy Sector Under Pressure

ISLAMABAD: Pakistan's energy sector is headed for another high-stakes international commercial arbitration, with Petrosin CNG…

3 hours ago