
SideWind APT

Posted: December 10, 2020

SideWind is the name of an Advanced Persistent Threat (APT) group behind recent cyberattacks against high-profile military and government entities in Nepal, Afghanistan and the surrounding region. The group may be state-backed, judging by the resources available to it and by its choice of targets, which are involved in territorial disputes in the region. Organizations reported as victims of the recent SideWind APT campaign include the Nepali Ministries of Defense and Foreign Affairs, the Sri Lankan Ministry of Defense and the Nepali Army.

The group relies on several infection vectors to collect data and credentials from its victims. It uses phishing websites to harvest the email credentials of its targets, and it deploys backdoor Trojans for both Windows and Android.

The fraudulent emails used to deliver the malicious links and applications usually claim to cover a sensitive and topical subject, such as the aforementioned territorial disputes or information about the ongoing COVID-19 pandemic. One of the payloads used in SideWind APT's recent campaign is a Windows backdoor whose main purpose is to steal files from the breached system. Once installed, it collects and transmits basic information about the victim's hardware, software and network configuration. It then scans the hard drive for the specific file types it has been programmed to collect; any files matching the targeted formats may be compressed and transferred to the command-and-control server.

While the mobile malware has not yet been observed in use, malware researchers identified a malicious APK file linked from some of the documents that the SideWind APT hackers sent out. The Android malware appears to belong to a new family, and it most likely serves to collect call logs, contacts, text messages and other data from infected mobile devices.

The SideWind APT is a relatively new name in the field, and their activities have been tracked since 2019. The criminals appear to be focusing on target-specific geopolitical issues when it comes to approaching their victims via phishing content.
