SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa

Summary: An advanced persistent threat (APT) group known as SideWinder has been targeting maritime and logistics companies across South and Southeast Asia, the Middle East, and Africa, as well as various diplomatic entities. The group uses sophisticated techniques, including a modular post-exploitation toolkit named StealerBot, to capture sensitive information and evade detection. Its recent attacks rely on spear-phishing that exploits vulnerabilities in Microsoft Office to deploy malware.

Affected: Maritime and logistics companies, nuclear power plants, telecommunication firms, diplomatic entities, and various sectors in Bangladesh, Cambodia, Djibouti, Egypt, UAE, Vietnam, and others.

Key points:

  • SideWinder has expanded its targeting to include significant regions and sectors, including diplomatic entities and critical infrastructure.
  • The group utilizes spear-phishing emails and exploits known vulnerabilities in Microsoft Office to deliver malware.
  • Once their tools are detected, SideWinder quickly modifies them to avoid security solutions and maintain persistence on compromised networks.

Source: https://thehackernews.com/2025/03/sidewinder-apt-targets-maritime-nuclear.html