SideWinder APT has extended its cyber espionage activities beyond Asia, now targeting high-profile entities and critical infrastructures in the Middle East and Africa. With a new espionage toolkit dubbed ‘StealerBot,’ the group has expanded its operations to countries such as Morocco, Djibouti, and Turkiye.
SideWinder, an Advanced Persistent Threat (APT) group active since 2012, is known for targeting military and government entities in South and Southeast Asia.
Kaspersky has revealed that SideWinder has launched new attacks, expanding its scope to regions in the Middle East and Africa. The attacks focus on strategic infrastructures, suggesting a sophisticated espionage campaign.
A crucial element of this expansion is the group’s deployment of a previously unknown toolkit called ‘StealerBot.’
According to Giampaolo Dedola, lead security researcher at Kaspersky, “StealerBot is an advanced and stealthy espionage tool designed to evade detection by operating entirely within system memory, and coordinating activities through a central ‘Orchestrator’ module.” This toolkit allows SideWinder to perform a wide range of activities, from capturing screenshots and stealing credentials to exfiltrating sensitive files.
The group primarily uses spear-phishing emails containing malicious documents that exploit Office vulnerabilities, often leveraging real-world information to deceive targets.
Kaspersky urges CIOs of organizations to enhance their cybersecurity measures by utilizing advanced threat detection solutions like Kaspersky Anti Targeted Attack Platform, educating employees on phishing dangers, and leveraging threat intelligence resources such as the Kaspersky Threat Intelligence Portal.