The prolific SideWinder group, a state-sponsored threat actor, has been blamed for attempted attacks on 61 organizations in Afghanistan, Bhutan, Myanmar, Nepal and Sri Lanka between June and November 2021.
Targets include governments, the military, law enforcement agencies, banks and other organizations, according to a detailed report published by Group-IB, which tracks the adversary and also found a link between it and two other intrusion sets, Baby Elephant and the DoNot Team.
SideWinder is also known as APT-C-17, Hardcore Nationalist (HN2), Rattlesnake, Razor Tiger, and T-APT4. In 2022, Kaspersky noted that although the attribution is not definitive, the group is suspected to be of Indian origin.
The group has been implicated in more than 1,000 attacks against government agencies in the Asia-Pacific region since April 2020, the Russian cybersecurity firm reported earlier last year.
Of the 61 potential targets compiled by Group-IB, 29 are based in Nepal, 13 in Afghanistan, 10 in Myanmar, 6 in Sri Lanka and 1 in Bhutan.
A typical attack chain begins with a spear-phishing email carrying an attachment or a booby-trapped URL that leads the victim to an intermediate payload, which in turn drops the final-stage malware.
SideWinder has also added an array of new tools to its operations, including a remote access Trojan and a Python-based information stealer that can exfiltrate sensitive data stored on a victim's computer via Telegram, according to Group-IB.
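Exfiltration over Telegram is attractive to attackers because the traffic goes to a well-known domain over HTTPS and blends in with ordinary use. The usual implementation is the Telegram Bot API, whose request paths embed the bot token (`/bot<id>:<token>/<method>`), which gives defenders a clean hook in web-proxy logs. The following detection script is an added example written for this page, not tooling from Group-IB or from the report; it assumes the stealer uses the Bot API (the report only says "via Telegram"), and the proxy log format and the log lines it runs over are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Constructed sample web-proxy log lines (not from any real incident).
# Fields: timestamp, client IP, HTTP method, URL, status, bytes sent by the client.
SAMPLE_PROXY_LOG = """\
2021-09-14T10:22:31Z 10.20.0.15 GET https://web.telegram.org/k/ 200 512
2021-09-14T10:22:40Z 10.20.0.15 POST https://api.telegram.org/bot123456789:AAFfakefakefakefakefakefakefakefake/sendDocument 200 84213
2021-09-14T10:23:02Z 10.20.0.15 POST https://api.telegram.org/bot123456789:AAFfakefakefakefakefakefakefakefake/sendMessage 200 640
2021-09-14T10:25:17Z 10.20.0.31 GET https://api.telegram.org/bot987654321:AAEfakefakefakefakefakefakefakefake/getUpdates 200 90
2021-09-14T10:26:05Z 10.20.0.44 POST https://example.org/upload 200 120000
"""

# Bot API paths look like /bot<bot_id>:<token>/<method>. Only the numeric bot id is
# kept in findings so the secret part of the token is not copied into alerts.
BOT_PATH_RE = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]{20,})/([A-Za-z]+)$")

# Bot API methods that carry data from the client to Telegram (the exfil direction).
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio", "sendMessage"}


def parse_line(line):
    """Split one constructed proxy log line into a record (assumed six-field format)."""
    ts, src, method, url, status, out_bytes = line.split()
    return {"ts": ts, "src": src, "method": method, "url": url,
            "status": int(status), "bytes_out": int(out_bytes)}


def find_telegram_bot_exfil(lines, min_bytes=1024):
    """Return one finding per (client, bot id) pair that pushed at least min_bytes
    to the Telegram Bot API through upload-style methods.

    Polling methods such as getUpdates are recorded but do not count towards the
    byte threshold, so a bot that only reads messages is not reported.
    """
    findings = {}
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        url = urlparse(rec["url"])
        if url.hostname != "api.telegram.org":
            continue
        match = BOT_PATH_RE.match(url.path)
        if not match:
            continue
        bot_id, _token, api_method = match.groups()
        key = (rec["src"], bot_id)
        finding = findings.setdefault(key, {
            "src": rec["src"], "bot_id": bot_id, "first_seen": rec["ts"],
            "bytes_out": 0, "methods": set(),
        })
        finding["methods"].add(api_method)
        if api_method in UPLOAD_METHODS:
            finding["bytes_out"] += rec["bytes_out"]
    return [f for f in findings.values() if f["bytes_out"] >= min_bytes]


if __name__ == "__main__":
    for hit in find_telegram_bot_exfil(SAMPLE_PROXY_LOG.splitlines()):
        print(f"{hit['src']} -> bot {hit['bot_id']}: {hit['bytes_out']} bytes via "
              f"{sorted(hit['methods'])} (first seen {hit['first_seen']})")
```

Aggregating per client and bot id rather than alerting on every request keeps the rule quiet for a legitimately used bot that only polls, while still catching a stealer that sends one large document. A proxy with TLS inspection is required to see the path; without it, only the SNI `api.telegram.org` is visible and the rule degrades to a volume-based check on that host.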
The Singapore-based company also found evidence linking the attackers to a 2020 attack targeting the Maldivian government, in addition to establishing overlaps in infrastructure and tactics between SideWinder, Baby Elephant, and the DoNot Team.
While the DoNot Team is known to have interests in Bangladesh, India, Nepal, Pakistan, and Sri Lanka, Baby Elephant was first documented by the Chinese cybersecurity firm Antiy Labs in 2021 as an advanced persistent threat originating from India that targeted government and defense agencies in China and Pakistan.
"Since 2017, the number of 'Baby Elephant' attacks has doubled every year, attack methods and resources have gradually become more abundant, and targets have begun to cover more areas of South Asia," the Chinese company told the Global Times, the national media outlet, at the time.
Group-IB also uncovered similarities between the source code used by SideWinder and that of other South Asia-focused groups such as Transparent Tribe, Patchwork (aka Hangover), and the DoNot Team.
Group-IB said, "This information suggests that state-sponsored actors are willing to borrow tools from one another and tailor them to their needs."
The threat actor's ability to continuously refine its toolset based on evolving priorities makes it a particularly dangerous actor operating in the espionage realm.
"Given that SideWinder has been around for such a long time, developing new tools and maintaining a fairly large network infrastructure, the group clearly has considerable financial resources and is most likely state-sponsored."