In a study released jointly by Group-IB and Bridewell, the researchers report that the SideWinder hacking group, believed to be backed by the Indian government, is using new attack infrastructure to conduct targeted cyberattacks against organizations in Pakistan and China.
The researchers say the attackers set up 55 domains that impersonate various news, political, telecommunications, and financial institutions.
The researchers noted that “the discovered phishing domains mimic different groups in the news, governance, communications, and economics sectors.”
Who is SideWinder?
SideWinder's activity has been tracked since 2012. To gain initial access to target networks it relies mainly on carefully crafted spear-phishing emails. The countries it targets most often are Pakistan, China, Sri Lanka, Afghanistan, Bangladesh, Myanmar, the Philippines, Qatar, and Singapore, and its operations are thought to be driven by Indian intelligence objectives.
In February 2023, Group-IB published data suggesting that SideWinder may have targeted 61 government, military, law enforcement, and other organizations across Asia in the second half of 2022. More recently, the group has been observed carrying out covert attacks on Pakistani government institutions using a technique known as “Server-Based Polymorphism.”
The attackers built the domains to resemble Pakistani, Chinese, and Indian government sites. Many of them hosted government-themed lure documents intended to deliver follow-on payloads to the victim's device.
During the study the researchers also found a large number of malicious files involved in the infection chain. These include malicious Windows shortcut files (“.lnk”) that launch malicious HTML Applications (HTA), Microsoft Word documents purporting to come from the Pakistan Naval War College, and fake Android mobile apps.
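One defensive check that follows from the infection chain described above (shortcut files that launch HTML Applications), as an added example that is not from the Group-IB/Bridewell report or the original article: a small Python detection that sweeps process-creation events for mshta.exe spawned by the shell, or for command lines that reference an .hta file. The input records are constructed, simplified Sysmon-style JSON events (an assumption about the log format, not data from the campaign).

```python
import json
import re
from typing import Dict, List, Optional, Tuple

# Constructed process-creation events in a simplified Sysmon Event ID 1 shape.
# Illustrative records only, not telemetry from the SideWinder campaign.
SAMPLE_EVENTS = [
    json.dumps({"ParentImage": r"C:\Windows\explorer.exe",
                "Image": r"C:\Windows\System32\mshta.exe",
                "CommandLine": r'"C:\Windows\System32\mshta.exe" C:\Users\u\Downloads\Notice.hta'}),
    json.dumps({"ParentImage": r"C:\Windows\explorer.exe",
                "Image": r"C:\Windows\System32\cmd.exe",
                "CommandLine": r'cmd.exe /c start "" http://example.invalid/update.hta'}),
    json.dumps({"ParentImage": r"C:\Windows\explorer.exe",
                "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                "CommandLine": r'"WINWORD.EXE" C:\Users\u\Documents\report.docx'}),
]

SHORTCUT_LAUNCHERS = {"explorer.exe"}          # shells that run what a clicked .lnk points at
HTA_REFERENCE = re.compile(r"\.hta\b", re.IGNORECASE)

def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()

def classify(event: Dict[str, str]) -> Optional[str]:
    """Rule name if the event matches an HTA-from-shortcut pattern, else None."""
    parent = basename(event.get("ParentImage", ""))
    image = basename(event.get("Image", ""))
    if parent in SHORTCUT_LAUNCHERS and image == "mshta.exe":
        return "mshta_spawned_by_shell"      # shell launched the HTA host directly
    if image != "mshta.exe" and HTA_REFERENCE.search(event.get("CommandLine", "")):
        return "hta_reference_in_commandline"  # indirect launch, e.g. cmd.exe "start" on an .hta
    return None

def detect(raw_lines: List[str]) -> List[Tuple[str, str]]:
    """Parse JSON event lines; return (rule, command line) for every match."""
    findings = []
    for line in raw_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry instead of aborting the sweep
        rule = classify(event)
        if rule:
            findings.append((rule, event.get("CommandLine", "")))
    return findings
```

On the constructed sample the first two events are flagged and the Word document launch is not; in production the parent set and the .hta pattern would be tuned against a baseline of legitimate HTA use in the environment.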
The phishing domains used in this campaign suggest that SideWinder primarily targets media, financial, government, and law enforcement organizations, as well as e-commerce businesses, in Pakistan and China.