Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities
Sep 26, 2024
Cloud Security / Cyber Espionage
An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2).

Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which is also called Outrider Tiger and Fishing Elephant.

"Between late 2022 to present, SloppyLemming has routinely used Cloudflare Workers, likely as part of a broad espionage campaign targeting South and East Asian countries," Cloudflare said in an analysis.

SloppyLemming is assessed to have been active since at least July 2021, with prior campaigns leveraging malware such as Ares RAT and WarHawk, the latter of which is also linked to a known hacking crew called SideWinder. The use of Ares RAT, on the other hand, has been attributed to SideCopy, a threat actor likely of Pakistani origin.

Targets of SloppyLemming's activity span government, law enforcement, energy, education