Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries
Feb 16, 2023
Advanced Persistent Threat
The prolific SideWinder group has been attributed as the nation-state actor behind attempted attacks against 61 entities in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka between June and November 2021. Targets included government, military, law enforcement, banks, and other organizations, according to an exhaustive report published by Group-IB, which also found links between the adversary and two other intrusion sets tracked as Baby Elephant and DoNot Team . SideWinder is also referred to as APT-C-17, Hardcore Nationalist (HN2), Rattlesnake, Razor Tiger, and T-APT4. It's suspected to be of Indian origin, although Kaspersky in 2022 noted that the attribution is no longer deterministic. The group has been linked to no less than 1,000 attacks against government organizations in the Asia-Pacific region since April 2020, according to a report from the Russian cybersecurity firm early last year. Of the 61 potential targets compiled by Group-IB, 29 of them are located