Recent SideWinder Campaign Targets Ports And Maritime Facilities

The notorious SideWinder threat actor group is back with another cyberespionage campaign. This time, SideWinder targets ports and maritime facilities in the Indian Ocean and Mediterranean Sea regions. The campaign's success in compromising organizations once again shows that people remain the weakest link in cybersecurity, since the initial access relies on social engineering.

SideWinder Campaign Targets Maritime Facilities

Researchers from the BlackBerry Threat Research and Intelligence team discovered a new malicious campaign from the SideWinder group, attacking ports and maritime services. The recent attack demonstrates the attackers’ advanced capabilities and upgraded infrastructure to ensure precise targeting.

As explained, the attack begins with the usual spearphishing tactics to trick employees of the targeted firms. The phishing emails carry malicious attachments, often dressed up as sensitive documents such as an employee termination notice, a report of a sexual harassment incident, or a salary cut notification: anything that may panic an unsuspecting employee into opening the document.

Once the document is opened, the malware infects the target system and establishes its foothold in several stages. To deploy the malware, the threat actors exploit CVE-2017-0199, a known and long-patched vulnerability, counting on victims still running unpatched systems.

This isn't the first time CVE-2017-0199 has been exploited in the wild; other threat actors have previously used it to deploy backdoors against crypto startups, air-gapped systems, and more.

The researchers have shared the technical details about the recent SideWinder cyberespionage campaign in their blog post.

Regarding the victims, the targeted entities are mostly ports and maritime facilities in the Indian Ocean and Mediterranean Sea. These targets are located in various countries, including Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and the Maldives.

SideWinder is a known APT that has been actively running campaigns since 2012. Also tracked as Razor Tiger, Rattlesnake, and T-APT-04, the group is allegedly a state actor linked to India and frequently targets military, government, and business organizations in nearby countries such as Afghanistan, China, Nepal, and Pakistan.
