An “aggressive” advanced persistent threat (APT) group known as SideWinder has been linked to over 1,000 new attacks since April 2020.
“Some of the main characteristics of this threat actor that make it stand out among the others are the sheer number, high frequency and persistence of their attacks and the large collection of encrypted and obfuscated malicious components used in their operations,” cybersecurity firm Kaspersky said in a report that was presented at Black Hat Asia this month.
SideWinder, also called Rattlesnake or T-APT-04, is said to have been active since at least 2012 with a track record of targeting military, defense, aviation, IT companies, and legal firms in Central Asian countries such as Afghanistan, Bangladesh, Nepal, and Pakistan.
Kaspersky’s APT trends report for Q1 2022 published late last month revealed that the threat actor is actively expanding the geography of its targets beyond its traditional victim profile to other countries and regions, including Singapore.
SideWinder has also been observed capitalizing on the ongoing Russo-Ukrainian war as a lure in its phishing campaigns to distribute malware and steal sensitive information.
Source: The Hacker News