Summary: The SideWinder APT group has intensified its cyber-espionage efforts, specifically targeting maritime and nuclear sectors, while continuously evolving its malware and persistence strategies. Kaspersky Labs highlights notable increases in attacks across South and Southeast Asia, the Middle East, and Africa, as the group demonstrates refined techniques to maintain operational stealth. Their tactics include rapid malware adaptation and sophisticated evasion methods, focusing on critical infrastructure entities.
Affected: Maritime and Nuclear Sectors
Key points:
- SideWinder’s malware adapts quickly, often launching new versions within five hours of detection.
- The primary infection method is spear-phishing with malicious DOCX files exploiting CVE-2017-11882.
- Recent targets have expanded from government agencies to include critical industries like nuclear power and maritime logistics.
- SideWinder employs advanced persistence techniques, leveraging tools like the Backdoor Loader and StealerBot for espionage and network reconnaissance.
- JavaScript loaders are used to avoid detection, running checks on system specifications and security measures before payload delivery.
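As an added defensive example, not code from the original report or from the linked source: a Python triage check for inbound DOCX attachments that embed an Equation Editor 3.0 OLE object, the component patched for CVE-2017-11882 named above. The sample documents are constructed inline, and the ProgID and CLSID constants are the identifiers Office uses for that object.

```python
import io
import re
import zipfile

# Equation Editor 3.0 identifiers as they appear inside Office files: the ProgID in
# document.xml and the binary CLSID {0002CE02-0000-0000-C000-000000000046}
# stored little-endian in an embedded OLE compound file.
EQUATION_PROGID = re.compile(rb'ProgID="Equation\.3"', re.IGNORECASE)
EQUATION_CLSID_LE = bytes.fromhex("02CE020000000000C000000000000046")


def scan_docx(data: bytes) -> dict:
    """Triage a DOCX (a ZIP of XML parts) for an embedded Equation Editor object."""
    findings = {"equation_progid": [], "equation_clsid": [], "ole_parts": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            body = zf.read(name)
            if name.startswith("word/embeddings/"):
                findings["ole_parts"].append(name)
                if EQUATION_CLSID_LE in body:
                    findings["equation_clsid"].append(name)
            elif name.endswith(".xml") and EQUATION_PROGID.search(body):
                findings["equation_progid"].append(name)
    # Any Equation Editor reference in an inbound attachment warrants analyst review.
    findings["suspicious"] = bool(findings["equation_progid"] or findings["equation_clsid"])
    return findings


def build_sample_docx(with_equation: bool) -> bytes:
    """Construct a minimal DOCX for testing (constructed sample, carries no exploit)."""
    ole_ref = '<o:OLEObject Type="Embed" ProgID="Equation.3" r:id="rId4"/>' if with_equation else ""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml",
                    f"<w:document><w:body><w:p>{ole_ref}</w:p></w:body></w:document>")
        if with_equation:
            # Placeholder bytes with the CLSID embedded, standing in for the OLE stream.
            zf.writestr("word/embeddings/oleObject1.bin", b"\x00" * 8 + EQUATION_CLSID_LE)
    return buf.getvalue()


if __name__ == "__main__":
    for flag in (True, False):
        print(scan_docx(build_sample_docx(flag)))
```

A hit only says the attachment embeds the vulnerable component and should be reviewed; a miss does not clear it, since the same object can arrive inside RTF or be obfuscated, so pair this with patch status for the Equation Editor fix.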
Source: https://securityonline.info/sidewinder-apt-group-maritime-nuclear-targets-evolved-malware/