uTalk
Official forum for Utopia Community
You are not logged in.
- Topics: Active | Unanswered
#1 2023-05-17 19:04:43
- thrive
- Member
- Registered: 2023-01-04
- Posts: 2,068
Covert Attack Infrastructure of the State-Sponsored Sidewinder Hacker
Researchers in the field of cybersecurity have discovered previously unreported attack infrastructure that SideWinder, a well-known state-sponsored organization, has used to attack targets in China and Pakistan.
In a joint report shared with The Hacker News, cybersecurity firms Group-IB and Bridewell claimed that the threat actor used a network of 55 domains and IP addresses.
Researchers Nikita Rostovtsev, Joshua Penny, and Yashraj Solanki noted that the "identified phishing domains mimic various organizations in the news, government, telecommunications, and financial sectors.".
Since at least 2012, SideWinder has been known to be active. Attack chains use spear-phishing as their main method of entry into targeted environments.
It is widely believed that Indian espionage interests are the group's target range. Pakistan, China, Sri Lanka, Afghanistan, Bangladesh, Myanmar, the Philippines, Qatar, and Singapore are among the countries that are most frequently attacked.
In the beginning of February, Group-IB disclosed information suggesting that SideWinder may have targeted 61 governmental, military, law enforcement, and other organizations throughout Asia between June and November 2021.
More recently, it was discovered that the nation-state group was employing evasive attacks against Pakistani government institutions using a method known as server-based polymorphism.
The recently discovered domains are modeled after government entities in Pakistan, China, and India and are distinguished by the use of the same WHOIS record values and similar registration data.
Government-themed lure documents with an unknown next-stage payload are hosted on some of these domains.
Most of these files were uploaded from Pakistan to VirusTotal in March 2023. One of them is a Microsoft Word document allegedly from the Pakistan Navy War College (PNWC), which was recently examined by QiAnXin and BlackBerry.
Offline
#2 2023-05-18 22:35:08
- crpuusd
- Member
- From: Blockchain
- Registered: 2022-12-13
- Posts: 1,735
Re: Covert Attack Infrastructure of the State-Sponsored Sidewinder Hacker
And the group was believed to be orignated from India. All seem like a cyber warfare that lasted for over 10years now. Its to learn how to encrypt for secured purpose rather to be hacked and looses valuable information..
Last edited by crpuusd (2023-05-18 22:40:44)
Offline
#3 2023-05-18 23:46:36
- thrive
- Member
- Registered: 2023-01-04
- Posts: 2,068
Re: Covert Attack Infrastructure of the State-Sponsored Sidewinder Hacker
And the group was believed to be orignated from India. All seem like a cyber warfare that lasted for over 10years now. Its to learn how to encrypt for secured purpose rather to be hacked and looses valuable information..
There are several bad actors online but they are mostly from India, Korea, Russia, Arab, and China. The reason why there's increase in their attack is because of their curiosity.
Offline
#4 2023-05-20 06:30:56
- Comrade
- Member
- From: Utopia App Client
- Registered: 2022-12-30
- Posts: 1,703
Re: Covert Attack Infrastructure of the State-Sponsored Sidewinder Hacker
crpuusd;9130 wrote:And the group was believed to be orignated from India. All seem like a cyber warfare that lasted for over 10years now. Its to learn how to encrypt for secured purpose rather to be hacked and looses valuable information..
There are several bad actors online but they are mostly from India, Korea, Russia, Arab, and China. The reason why there's increase in their attack is because of their curiosity.
I just couldn't believe that this group responsible for such attack are not been probe at all for their actions,
Offline