
SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years
2022-05-31 05:14

An "aggressive" advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020.

"Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attacks and the large collection of encrypted and obfuscated malicious components used in their operations," cybersecurity firm Kaspersky said in a report that was presented at Black Hat Asia this month.

SideWinder's toolset employs several sophisticated obfuscation routines, encryption with unique keys for each malicious file, multi-layer malware, and splitting command-and-control infrastructure strings into different malware components.

The three-stage infection sequence begins with the rogue documents dropping an HTML Application (HTA) payload, which subsequently loads a .NET-based module to install a second-stage HTA component that is designed to deploy a .NET-based installer.
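To give defenders a concrete handle on the staging chain just described, here is an added detection heuristic (not from the article or from Kaspersky's report) that correlates constructed process-creation and image-load events to flag an HTA host descended from an Office process and note whether it then loaded the .NET runtime. The process names, the telemetry field names and the runtime DLL markers are assumptions.

```python
from collections import defaultdict

# Assumed process names: Office hosts the lure document, mshta.exe hosts the HTA stage.
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}
HTA_HOST = "mshta.exe"
# Image loads that indicate the .NET runtime starting inside a process (assumption).
DOTNET_MARKERS = {"clr.dll", "mscoree.dll"}

# Constructed telemetry for this example, not real SideWinder data.
EVENTS = [
    {"type": "process", "pid": 100, "ppid": 1, "image": "explorer.exe"},
    {"type": "process", "pid": 200, "ppid": 100, "image": "WINWORD.EXE"},
    {"type": "process", "pid": 300, "ppid": 200, "image": "mshta.exe"},
    {"type": "imageload", "pid": 300, "image": "clr.dll"},
    # HTA launched from the shell with no Office ancestor: must not fire.
    {"type": "process", "pid": 400, "ppid": 100, "image": "mshta.exe"},
]

def office_ancestor(procs, pid, depth=3):
    """Return the image name of an Office process within `depth` ancestors, else None."""
    ppid = procs[pid]["ppid"]
    for _ in range(depth):
        parent = procs.get(ppid)
        if parent is None:
            return None
        if parent["image"].lower() in OFFICE_IMAGES:
            return parent["image"]
        ppid = parent["ppid"]
    return None

def find_hta_staging_chains(events):
    """Flag mshta.exe processes descended from Office and note whether .NET was loaded."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    loads = defaultdict(set)
    for e in events:
        if e["type"] == "imageload":
            loads[e["pid"]].add(e["image"].lower())
    hits = []
    for pid, p in procs.items():
        if p["image"].lower() != HTA_HOST:
            continue
        parent = office_ancestor(procs, pid)
        if parent is None:
            continue
        # Second stage of the chain: the HTA host pulls in the .NET runtime for the loader.
        hits.append({"pid": pid, "office_parent": parent,
                     "dotnet_loaded": bool(loads[pid] & DOTNET_MARKERS)})
    return hits
```

The ancestor walk tolerates one or two helper processes between the Office host and mshta.exe, so the rule still fires when the document does not spawn the HTA host directly.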

No fewer than 400 domains and subdomains have been put to use by the threat actor over the past two years.

"This threat actor has a relatively high level of sophistication using various infection vectors and advanced attack techniques," Noushin Shabab of Kaspersky said, urging that organizations use up-to-date versions of Microsoft Office to mitigate such attacks.


News URL

https://thehackernews.com/2022/05/sidewinder-hackers-launched-over-1000.html