An advanced persistent threat (APT) group known as SideWinder has intensified its cyberattacks on maritime, nuclear, and IT sectors across South Asia, the Middle East, and Africa. Cybersecurity researchers have identified a surge in targeted attacks against key industries, including telecommunications, consulting, real estate, and hospitality.
According to reports, SideWinder’s recent campaigns have focused on countries such as Bangladesh, Cambodia, Djibouti, Egypt, the UAE, and Vietnam. Diplomatic entities in Afghanistan, Algeria, Bulgaria, China, India, the Maldives, Rwanda, Saudi Arabia, Turkey, and Uganda have also been targeted, raising concerns over the group’s expanding reach. Notably, SideWinder’s attacks on Indian organisations are significant, as the group has previously been suspected of having Indian origins.
SideWinder APT primarily uses spear-phishing emails containing malicious documents to deliver its malware.
The group exploits a known Microsoft Office vulnerability (CVE-2017-11882) to initiate a multi-stage attack. A .NET-based downloader called ModuleInstaller is used to execute StealerBot, a modular post-exploitation toolkit capable of stealing sensitive data from compromised systems.
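The process-creation pattern that exploitation of CVE-2017-11882 leaves behind gives defenders a concrete hunt: the vulnerable Equation Editor component (EQNEDT32.EXE, a binary name not stated in the article) has no legitimate reason to launch child processes, so any event where it appears as the parent image deserves triage. The Python below is an added example, not code from the article or the cited research; the event shape is modelled on Sysmon process-creation records, and all host names, paths and command lines are constructed.

```python
"""Flag process-creation events that match how CVE-2017-11882 exploitation
ends: the Equation Editor (EQNEDT32.EXE) launching a child process, which it
never does in normal use.  Telemetry shape modelled on Sysmon Event ID 1."""
import json
from pathlib import PureWindowsPath

# Constructed sample telemetry, one JSON object per line.  Hosts, paths and
# command lines are invented for this example; stage-two names are placeholders.
SAMPLE_EVENTS = r"""
{"host": "WS01", "Image": "C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "WINWORD.EXE tender-notice.docx"}
{"host": "WS01", "Image": "C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", "ParentImage": "C:\\Windows\\System32\\svchost.exe", "CommandLine": "EQNEDT32.EXE -Embedding"}
{"host": "WS01", "Image": "C:\\Windows\\System32\\cmd.exe", "ParentImage": "C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", "CommandLine": "cmd.exe /c <stage-two-placeholder>"}
{"host": "WS02", "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "notepad.exe notes.txt"}
{"host": "WS03", "Image": "C:\\Windows\\System32\\rundll32.exe", "ParentImage": "C:\\Program Files\\Common Files\\Microsoft Shared\\EQUATION\\EQNEDT32.EXE", "CommandLine": "rundll32.exe <stage-two-placeholder>"}
"""

EQUATION_EDITOR = "eqnedt32.exe"


def parse_events(text: str) -> list[dict]:
    """Parse newline-delimited JSON process-creation events."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def image_name(path: str) -> str:
    """Normalise a Windows image path to its lower-cased file name."""
    return PureWindowsPath(path).name.lower()


def equation_editor_children(events: list[dict]) -> list[dict]:
    """Return every event whose parent image is EQNEDT32.EXE.

    The editor's own launch (parent svchost.exe, via DCOM) is normal when a
    document embeds an equation; a child process under it is not.
    """
    return [e for e in events
            if image_name(e.get("ParentImage", "")) == EQUATION_EDITOR]


def triage(events: list[dict]) -> list[tuple[str, str, str]]:
    """Compact (host, child image, command line) tuples for an analyst queue."""
    return [(e["host"], image_name(e["Image"]), e["CommandLine"])
            for e in equation_editor_children(events)]


if __name__ == "__main__":
    for host, child, cmdline in triage(parse_events(SAMPLE_EVENTS)):
        print(f"[ALERT] {host}: EQNEDT32.EXE spawned {child}: {cmdline}")
```

The same parent/child check ports directly to a SIEM query or a Sigma rule over the ParentImage field; the Equation Editor's own launch from svchost.exe is deliberately not flagged, so the rule stays quiet on documents that merely contain equations.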
Security researchers highlight that SideWinder is a highly adaptable adversary. The group consistently updates its malware to bypass detection, often modifying its tools within five hours of being identified. It also changes attack techniques, file names, and file paths to maintain persistence on compromised networks.
Earlier research in October 2024 extensively documented SideWinder’s use of StealerBot, while a July 2024 report emphasised the group’s focus on maritime infrastructure. The latest findings confirm that SideWinder is actively targeting nuclear power plants, energy agencies, and port authorities, using lure documents referencing these industries to deceive victims.
As SideWinder APT continues to refine its cyber operations, organisations in the affected sectors must enhance their defences against such threats. Cybersecurity experts recommend regular security updates, advanced threat detection solutions, and employee awareness training to mitigate the risk of falling victim to SideWinder attacks.
