Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Notorious State-Sponsored Hacker Group Stealthy Infrastructure Uncovered

Group-IB’s cybersecurity researchers made a significant discovery, revealing undisclosed attack infrastructure employed by the highly active state-sponsored group SideWinder. Their targets mainly encompassed entities situated in:- 

  • Pakistan
  • China

In a collaborative report, cybersecurity firms Group-IB and Bridewell disclosed the existence of a comprehensive network consisting of 55 domains and IP addresses exploited by the malicious actor.

While the phishing domains that the researchers identify mimic many organizations from various sectors, including the following:-

  • News
  • Government
  • Telecommunications
  • Financial

SideWinder State-Sponsored Hacker Group

Operating since 2012, SideWinder is a long-standing threat actor known for its persistent activity. Their attack strategies heavily rely on spear-phishing techniques to gain unauthorized access to targeted systems.

While recently, it has been observed that SideWinder evasively attacked Pakistani government organizations by using server-based polymorphism.

In the following countries, the government organizations were mimicked by the domains that were identified recently:-

  • Pakistan
  • China
  • India

The WHOIS records of all these domains show identical values with registration details. These domains contain deceptive government-themed files aimed at downloading a subsequent undisclosed payload.

Most of these files originating from Pakistan were uploaded to VirusTotal in March 2023. One of the files is a Microsoft Word document allegedly originating from the Pakistan Navy War College (PNWC).

In late November 2022, a Windows shortcut (LNK) file was discovered and uploaded to VirusTotal from Beijing.

The LNK file is designed to execute an HTA file from a remote server, impersonating the email system of Tsinghua University. It serves the purpose of running an HTML application.

It has been discovered that SideWinder’s infrastructure is laced with a malicious Android APK file (226617) discovered during the further investigation and disguised as “Ludo Game.”

Upon successful installation of this malicious app, it asks users for the following access on their device:-

  • Contacts
  • Location
  • Phone logs
  • SMS messages
  • Calendar

Threat actors could easily monitor the device and harvest sensitive user data by gaining access to such permissions on the Android device.

Organizations should prioritize implementing business email protection solutions to counter SideWinder’s reliance on targeted spear-phishing effectively.

Utilizing threat intelligence solutions proves to be a more practical approach to enhancing indicators of compromise and staying informed about pertinent threats.

By deploying such solutions, organizations can effectively safeguard their systems and networks from the initial vectors employed by SideWinder.

Copyright 2021 Associated Press. All rights reserved.

Source: https://cybersecuritynews.com/sidewinder-state-sponsored-hacker-group/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

In recent findings from Check Point Research, a significant phishing attack targeting more than 40 prominent Colombian companies has been uncovered.  The attackers behind this campaign...

Cyber Security

According to recent reports, a threat actor has compromised the confidential information of 3,200 Airbus vendors. The exposed data includes sensitive details such as...

Cyber Security

A group of Researchers unearthed critical code Proton Mail vulnerabilities that could have jeopardized the security of Proton Mail, a renowned privacy-focused webmail service. ...

Cyber Security

Telegram Messenger offers global, cloud-based instant messaging with several features:- Cybersecurity researchers at Securlist recently found several Telegram mods on Google Play in various...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO