
Deceptive Tactics: SideWinder Group Poses as Pakistani and Chinese Government Agencies in New Attacks

By Harper Stewart

Aug 18, 2023

In a study released jointly by Group-IB and Bridewell, the researchers claim that the SideWinder hacker group, purportedly supported by the Indian government, is using new attack infrastructure to carry out targeted cyberattacks against organizations in Pakistan and China.

The researchers found that the group set up 55 domains imitating various news, political, telecommunications, and financial institutions.

The researchers noted that “the discovered phishing domains mimic different groups in the news, governance, communications, and economics sectors.”

Who actually is SideWinder?

The SideWinder group's activity has been publicly tracked since 2012. To gain access to target networks, it relies mostly on sophisticated phishing emails. Pakistan, China, Sri Lanka, Afghanistan, Bangladesh, Myanmar, the Philippines, Qatar, and Singapore are the nations the group targets most often, and its activity is believed to be driven by Indian intelligence goals.

In February 2023, Group-IB published data suggesting that SideWinder may have targeted 61 governmental, military, law enforcement, and other institutions across Asia in the second half of 2022. More recently, the group has been observed carrying out covert attacks on Pakistani government institutions using a technique known as "Server-Based Polymorphism."

The attackers built the aforementioned domains to resemble Pakistani, Chinese, and Indian government sites. Many of them hosted "decoy documents" on government themes, which are intended to deliver subsequent payloads to the target device.

During the study, the researchers discovered a large number of malicious files involved in the infection chain. These include malicious Windows shortcut files (".lnk") that launch malicious HTML applications, Microsoft Word documents purporting to come from the Pakistan Naval War College, and fake Android mobile apps.

The phishing domains used in this campaign suggest that SideWinder is primarily targeting media, financial, governmental, and law enforcement entities, as well as e-commerce businesses, in Pakistan and China.
