The Kaspersky Global Research and Analysis Team (GReAT) has detected that the SideWinder APT group is expanding its attack operations into the Middle East and Africa, utilising a previously unknown espionage toolkit called ‘StealerBot’. As part of its ongoing monitoring of APT activities, Kaspersky said it discovered that recent campaigns by the SideWinder APT group were targeting high-profile entities and strategic infrastructures in various countries in the Middle East, Turkiye, as well as in Morocco and Djibouti in Africa. The campaign in general remains active and may target other victims.
SideWinder, also known as T-APT-04 or RattleSnake, is one of the most prolific APT groups that started operations in 2012. Over the years, it has primarily targeted military and government entities in Pakistan, Sri Lanka, China, and Nepal, as well as other sectors and countries in South and Southeast Asia. Recently, Kaspersky observed new waves of attacks, which have expanded to impact high-profile entities and strategic infrastructure in the Middle East and Africa.
Besides the geographical expansion, Kaspersky discovered that SideWinder is using a previously unknown post-exploitation toolkit called ‘StealerBot’. This is an advanced modular implant designed specifically for espionage activities, and currently used by the group as the main post-exploitation tool. “In essence, StealerBot is a stealthy espionage tool that allows threat actors to spy on systems while avoiding easy detection.
It operates through a modular structure, with each component designed to perform a specific function. Notably, these modules never appear as files on the system’s hard drive, making them difficult to trace. Instead, they are loaded directly into memory.
At the core of StealerBot is the ‘Orchestrator’, which oversees the entire operation, communicating with the threat actor’s command-and-control server, and coordinating the execution of its various modules,” says Giampaolo Dedola, lead security researcher at Kaspersky’s GReAT. During its latest investigation, Kaspersky observed that StealerBot is performing a range of malicious activities, such as installing additional malware, capturing screenshots, logging keystrokes, stealing passwords from browsers, intercepting RDP (Remote Desktop Protocol) credentials, exfiltrating files, and more. Kaspersky first reported on the group’s activities in 2018.
This actor is known to rely on spear-phishing emails as its main infection method. The emails carry malicious documents exploiting Office vulnerabilities and occasionally LNK, HTML and HTA files packed inside archives. The documents often contain information obtained from public websites, which is used to lure the victim into opening the file and believing it to be legitimate. Kaspersky observed several malware families being used within parallel campaigns, including both custom-made and modified, publicly available RATs.
Kaspersky identifies new attacks targeted at high-profile entities in Middle East, Africa
The post Kaspersky identifies new attacks targeted at high-profile entities in Middle East, Africa appeared first on Latest Nigeria News | Top Stories from Ripples Nigeria.