SideWinder, a likely India-based cyber-espionage group that has been active since 2012, recently ramped up attacks on organizations in the maritime and logistics sectors in Africa and Asia. In many of the attacks, the threat group has used variously themed phishing emails to lure targets into clicking on a malicious document. The document contains an exploit for CVE-2017-11882, a memory corruption vulnerability in Microsoft Office that SideWinder has used for years in its campaigns, to drop a
The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. The BlackBerry Research and Intelligence Team, which discovered the activity, said targets of the spear-phishing campaign include countries like Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and the Maldives.
SideWinder, which is also known by the names APT-C-17, Baby Elephant, Hardcore Nationalist, R
Activity Summary - Week Ending on 3 June 2022:
- Red Sky Alliance identified 43,371 connections from new IPs checking in with our Sinkholes
- Microsoft in Iowa hit 154 x
- Analysts identified 1,186 new IP addresses participating in various Botnets
- FluBot in the Top 5 Malware
- ArguePatch Variant
- Twisted Panda
- 1AveMariaRAT
- SideWinder, aka: Rattlesnake
- Karakurt
- Vulnerabilities in Smartphone Chips
- OneDrive Attacks
Link to full report: IR-22-154-001_weekly154.pdf