State-Sponsored SideWinder Hacker Group's Covert Attack Infrastructure Uncovered (Security News, May 2023)

Cybersecurity researchers have unearthed previously undocumented attack infrastructure used by the prolific state-sponsored group SideWinder to strike entities located in Pakistan and China.
SideWinder has been known to be active since at least 2012, with attack chains primarily leveraging spear-phishing as an intrusion mechanism to obtain a foothold into targeted environments.
More recently, the nation-state group was observed leveraging a technique known as server-based polymorphism in evasive attacks targeting Pakistani government organizations.
Another LNK file that was uploaded to VirusTotal around the same time from Kathmandu employs a similar method to fetch an HTA file from a domain masquerading as a Nepalese government website.
Further investigation into SideWinder's infrastructure has led to the discovery of a malicious Android APK file that was uploaded to VirusTotal from Sri Lanka in March 2023.
In all, the domains point to SideWinder setting its sights on financial, government, and law enforcement organizations, as well as companies specializing in e-commerce and mass media in Pakistan and China.
News URL: https://thehackernews.com/2023/05/state-sponsored-sidewinder-hacker.html
Related news
- US charges Chinese hackers linked to critical infrastructure breaches
- New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers 'Apply Psychological Pressure'
- Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks
- Chinese FamousSparrow hackers deploy upgraded malware in attacks
- North Korean hackers adopt ClickFix attacks to target crypto firms
- Russian hackers attack Western military mission using malicious drive
- State-Sponsored Hackers Weaponize ClickFix Tactic in Targeted Malware Campaigns
- State-sponsored hackers embrace ClickFix social engineering tactic
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery