SideWinder | Breaking Cybersecurity News | The Hacker News

The advanced persistent threat (APT) actor known as SideWinder has been accused of deploying a backdoor in attacks directed against Pakistan government organizations as part of a campaign that commenced in late November 2022. "In this campaign, the SideWinder advanced persistent threat (APT) group used a server-based polymorphism technique to deliver the next stage payload," the BlackBerry Research and Intelligence Team  said  in a technical report published Monday. Another campaign discovered by the Canadian cybersecurity company in early March 2023 shows that Turkey has also landed in the crosshairs of the threat actor's collection priorities. SideWinder  has been on the radar since at least 2012 and it's primarily known to target various Southeast Asian entities located across Pakistan, Afghanistan, Bhutan, China, Myanmar, Nepal, and Sri Lanka. Suspected to be an Indian state-sponsored group, SideWinder is also tracked under the monikers APT-C-17, APT-Q-39, Ha

The prolific  SideWinder  group has been attributed as the nation-state actor behind attempted attacks against 61 entities in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka between June and November 2021. Targets included government, military, law enforcement, banks, and other organizations, according to an  exhaustive report  published by Group-IB, which also found links between the adversary and two other intrusion sets tracked as Baby Elephant and  DoNot Team . SideWinder  is also referred to as APT-C-17, Hardcore Nationalist (HN2), Rattlesnake, Razor Tiger, and T-APT4. It's suspected to be of Indian origin, although Kaspersky in 2022 noted that the attribution is no longer deterministic. The  group  has been linked to  no less than 1,000 attacks  against government organizations in the Asia-Pacific region since April 2020, according to a report from the Russian cybersecurity firm early last year. Of the 61 potential targets compiled by Group-IB, 29 of them are located

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

SideWinder, a prolific nation-state actor mainly known for targeting Pakistan military entities, compromised the official website of the National Electric Power Regulatory Authority (NEPRA) to deliver a tailored malware called  WarHawk . "The newly discovered WarHawk backdoor contains various malicious modules that deliver Cobalt Strike, incorporating new TTPs such as  KernelCallBackTable injection  and Pakistan Standard Time zone check in order to ensure a victorious campaign," Zscaler ThreatLabz  said . The threat group, also called APT-C-17, Rattlesnake, and Razor Tiger, is  suspected  to be an Indian state-sponsored actor, although a report from Kaspersky earlier this May acknowledged previous indicators that led to the attribution have since disappeared, making it challenging it to link the threat cluster to a specific nation. More than 1,000 attacks are said to have been  launched by the group  since April 2020, an indication of SideWinder's newfound aggression

An "aggressive" advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020. "Some of the main characteristics of this threat actor that make it stand out among the others, are the sheer number, high frequency and persistence of their attacks and the large collection of encrypted and obfuscated malicious components used in their operations," cybersecurity firm Kaspersky  said  in a report that was presented at Black Hat Asia this month. SideWinder , also called Rattlesnake or T-APT-04, is said to have been active since at least 2012 with a  track record  of targeting military, defense, aviation, IT companies, and legal firms in Central Asian countries such as Afghanistan, Bangladesh, Nepal, and Pakistan. Kaspersky's APT trends report for Q1 2022  published  late last month revealed that the threat actor is actively expanding the geography of its targets beyond its traditional victim profile to other

Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone—even if downloaded from the official Google Store store⁠—you have been hacked and being tracked. These newly detected malicious Android apps are Camero , FileCrypt , and callCam that are believed to be linked to Sidewinder APT, a sophisticated hacking group specialized in cyber espionage attacks. According to cybersecurity researchers at Trend Micro, these apps were exploiting a critical use-after-free vulnerability in Android at least since March last year⁠—that's 7 months before the same flaw was first discovered as zero-day when Google researcher analysed a separate attack developed by Israeli surveillance vendor NSO Group. "We speculate that these apps have been active since March 2019 based on the certificate information on one of the apps," the researchers said . Tracked as CVE-2019-2215 , the vulnerability is a local privilege escalation