FlagThis

The APT group SideWinder is expanding its attacks, now targeting maritime, nuclear, and IT sectors across Asia, the Middle East, and Africa. Previously focused on government, military, and diplomatic institutions, the group has shifted its attention to maritime infrastructure, logistics companies, nuclear power plants, and energy facilities. The attacks, observed by Kaspersky, have spread across multiple countries including Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam.

Kaspersky experts have noted an increase in attacks on nuclear power plants and energy generation facilities with the attackers utilizing spear-phishing emails and malicious documents containing industry-specific terminology to gain trust. The group exploits an older Microsoft Office vulnerability (CVE-2017-11882) to bypass detection systems and access operational data, research projects, and personnel data. According to Kaspersky researchers Giampaolo Dedola and Vasily Berdnikov, SideWinder constantly works to improve its toolsets, stay ahead of security software detections, extend persistence on compromised networks, and hide its presence on infected systems.

ImgSrc: blogger.googleu

References :

• The Register - Security: Sidewinder goes nuclear, charts course for maritime mayhem in tactics shift
• The Hacker News: SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa
• www.it-daily.net: SideWinder now also attacks nuclear power plants
• securityaffairs.com: SideWinder APT targets maritime and nuclear sectors with enhanced toolset

Classification:

• HashTags: #SideWinder #APT #CyberEspionage
• Company: Kaspersky
• Target: Maritime, Nuclear and Energy Sectors
• Attacker: SideWinder
• Product: VPN
• Feature: Phishing
• Type: APT
• Severity: Medium