Maritime and logistics companies in South and Southeast Asia, the Middle East and Africa have become the target of an advanced persistent threat (APT) group called SideWinder.
The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates and Vietnam. Other targets of interest include nuclear power plants and nuclear energy infrastructure in South Asia and Africa, as well as telecommunications, consulting, IT services, real estate and hospitality companies.
As part of a wider expansion of its footprint, SideWinder has also targeted diplomatic entities in Afghanistan, Algeria, Bulgaria, China, India, the Maldives, Rwanda, Saudi Arabia, Turkey and Uganda. The inclusion of India is notable, as the threat actor was previously suspected to be of Indian origin.
"It is worth noting that SideWinder constantly works to improve its toolsets, stay ahead of security software detections, extend persistence on compromised networks, and hide its presence on infected systems," Kaspersky researchers Giampaolo Dedola and Vasily Berdnikov noted, describing it as "a highly advanced and dangerous adversary."
SideWinder was previously the subject of an extensive analysis by the Russian cybersecurity company in October 2024, which documented the actor's use of a modular post-exploitation toolkit called StealerBot to capture a wide range of sensitive information from compromised hosts. The hacking group's targeting of the maritime sector was also highlighted by BlackBerry in July 2024.
The latest attack chains are consistent with what has been reported before, with spear-phishing emails serving as the delivery vector for a known security flaw (CVE-2017-1188) that triggers a multi-stage sequence in which a .NET downloader called ModuleInstaller is used to ultimately launch StealerBot.
Kaspersky said some of the decoy documents are related to nuclear power plants and nuclear energy agencies, while others contain content referring to maritime infrastructure and various port authorities.
"They constantly monitor detections of their toolset by security solutions," Kaspersky said. "Once their tools are identified, they respond by generating a new and modified version of the malware, often in less than five hours."
"If behavioral detections occur, SideWinder tries to change the techniques used to maintain persistence and load components. In addition, they change the names and paths of their malicious files."