#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

SideWinder | Breaking Cybersecurity News | The Hacker News

Category — SideWinder
Researchers Uncover SideWinder's Latest Server-Based Polymorphism Technique

Researchers Uncover SideWinder's Latest Server-Based Polymorphism Technique

May 09, 2023 Advanced Persistent Threat
The advanced persistent threat (APT) actor known as SideWinder has been accused of deploying a backdoor in attacks directed against Pakistan government organizations as part of a campaign that commenced in late November 2022. "In this campaign, the SideWinder advanced persistent threat (APT) group used a server-based polymorphism technique to deliver the next stage payload," the BlackBerry Research and Intelligence Team  said  in a technical report published Monday. Another campaign discovered by the Canadian cybersecurity company in early March 2023 shows that Turkey has also landed in the crosshairs of the threat actor's collection priorities. SideWinder  has been on the radar since at least 2012 and it's primarily known to target various Southeast Asian entities located across Pakistan, Afghanistan, Bhutan, China, Myanmar, Nepal, and Sri Lanka. Suspected to be an Indian state-sponsored group, SideWinder is also tracked under the monikers APT-C-17, APT-Q-39, Ha...
Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries

Researchers Link SideWinder Group to Dozens of Targeted Attacks in Multiple Countries

Feb 16, 2023 Advanced Persistent Threat
The prolific  SideWinder  group has been attributed as the nation-state actor behind attempted attacks against 61 entities in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka between June and November 2021. Targets included government, military, law enforcement, banks, and other organizations, according to an  exhaustive report  published by Group-IB, which also found links between the adversary and two other intrusion sets tracked as Baby Elephant and  DoNot Team . SideWinder  is also referred to as APT-C-17, Hardcore Nationalist (HN2), Rattlesnake, Razor Tiger, and T-APT4. It's suspected to be of Indian origin, although Kaspersky in 2022 noted that the attribution is no longer deterministic. The  group  has been linked to  no less than 1,000 attacks  against government organizations in the Asia-Pacific region since April 2020, according to a report from the Russian cybersecurity firm early last year. Of the 61 potential targets...
Want to Grow Vulnerability Management into Exposure Management? Start Here!

Want to Grow Vulnerability Management into Exposure Management? Start Here!

Dec 05, 2024Attack Surface / Exposure Management
Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...
SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan

SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan

Oct 24, 2022
SideWinder, a prolific nation-state actor mainly known for targeting Pakistan military entities, compromised the official website of the National Electric Power Regulatory Authority (NEPRA) to deliver a tailored malware called  WarHawk . "The newly discovered WarHawk backdoor contains various malicious modules that deliver Cobalt Strike, incorporating new TTPs such as  KernelCallBackTable injection  and Pakistan Standard Time zone check in order to ensure a victorious campaign," Zscaler ThreatLabz  said . The threat group, also called APT-C-17, Rattlesnake, and Razor Tiger, is  suspected  to be an Indian state-sponsored actor, although a report from Kaspersky earlier this May acknowledged previous indicators that led to the attribution have since disappeared, making it challenging it to link the threat cluster to a specific nation. More than 1,000 attacks are said to have been  launched by the group  since April 2020, an indication of SideWin...
cyber security

Breaking Barriers: Strategies to Unite AppSec and R&D for Success

websiteBackslashApplication Security
Tackle common challenges to make security and innovation work seamlessly.
SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years

SideWinder Hackers Launched Over a 1,000 Cyber Attacks Over the Past 2 Years

May 31, 2022
An "aggressive" advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attacks and the large collection of encrypted and obfuscated malicious components used in their operations," cybersecurity firm Kaspersky  said  in a report that was presented at Black Hat Asia this month. SideWinder , also called Rattlesnake or T-APT-04, is said to have been active since at least 2012 with a  track record  of targeting military, defense, aviation, IT companies, and legal firms in Central Asian countries such as Afghanistan, Bangladesh, Nepal, and Pakistan. Kaspersky's APT trends report for Q1 2022  published  late last month revealed that the threat actor is actively expanding the geography of its targets beyond its traditional victim profil...
3 Google Play Store Apps Exploit Android Zero-Day Used by NSO Group

3 Google Play Store Apps Exploit Android Zero-Day Used by NSO Group

Jan 07, 2020
Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone—even if downloaded from the official Google Store store⁠—you have been hacked and being tracked. These newly detected malicious Android apps are Camero , FileCrypt , and callCam that are believed to be linked to Sidewinder APT, a sophisticated hacking group specialized in cyber espionage attacks. According to cybersecurity researchers at Trend Micro, these apps were exploiting a critical use-after-free vulnerability in Android at least since March last year⁠—that's 7 months before the same flaw was first discovered as zero-day when Google researcher analysed a separate attack developed by Israeli surveillance vendor NSO Group. "We speculate that these apps have been active since March 2019 based on the certificate information on one of the apps," the researchers said . Tracked as CVE-2019-2215 , the vulnerability is a local privilege escalation...
Expert Insights / Articles Videos
Cybersecurity Resources