Overview:

A cyber espionage group, known as SideWinder, has significantly intensified its attacks against maritime, logistics and nuclear energy organizations across Asia and Africa, indicating a strategic pivot in its intelligence gathering efforts.

Attack Methodology:

The SideWinder actors carefully craft phishing emails, using a wide variety of themes.

[Examples of malicious documents pertaining to maritime infrastructure. Image courtesy of malware.news]

The emails carry malicious document attachments. Once a target opens the lure and the attack executes, the criminals deploy a comprehensive post-exploitation toolkit called StealerBot.

This malware package grants attackers extensive visibility into and control over compromised systems. StealerBot can:

  • Silently install additional malicious payloads to expand its functionality or maintain persistence.

  • Capture screenshots to monitor user activity.

  • Log keystrokes to harvest sensitive credentials as they are typed into a login portal.

  • Systematically extract passwords stored in browsers and various applications.

  • Identify and exfiltrate files that are of particular interest to the cyber criminals.

  • Escalate privileges.

In some cases, the attackers have been known to update their tools in a matter of hours to evade detection, demonstrating the need for real-time, adaptive security.
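The attack chain above starts with a document attachment, so the first defensive control is triage of attachments before a user can open them. The script below is an added example for this post, not code from Check Point, from Harmony Email & Collaboration, or from any SideWinder analysis. It parses an e-mail message, enumerates its attachments, and applies a generic policy: block extensions a gateway would not deliver, block files whose declared extension disagrees with their magic bytes (an OLE file wearing a .pdf name), and route genuine document types to sandbox detonation rather than straight to the inbox. The message, the attachments, and the policy tables are all constructed for the demonstration.

```python
"""Triage document attachments in an e-mail before delivery.

Added example for this post; the message and policy rules are constructed
for the demo and are not the vendor's engine or any real campaign sample.
"""
import email
from email import policy
from email.message import EmailMessage

# Magic bytes for the container formats document lures usually ship in.
MAGIC = {
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",                          # OOXML (docx/xlsx/pptx) is a ZIP container
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole",    # legacy .doc/.xls/.ppt (OLE2)
    b"{\\rtf": "rtf",
}

# Declared extension -> container we expect the bytes to be.
EXPECTED = {
    "pdf": "pdf", "docx": "zip", "xlsx": "zip", "pptx": "zip",
    "doc": "ole", "xls": "ole", "ppt": "ole", "rtf": "rtf",
}

# Extensions a mail gateway would normally refuse to deliver at all (constructed list).
BLOCKED_EXT = {"exe", "scr", "js", "vbs", "hta", "lnk", "iso", "docm", "xlsm", "pptm"}


def sniff(data: bytes) -> str:
    """Return the container type implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def triage_attachment(filename: str, data: bytes) -> dict:
    """Decide allow / sandbox / block for one attachment and explain why."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff(data)
    verdict, reasons = "allow", []
    if ext in BLOCKED_EXT:
        verdict = "block"
        reasons.append(f"extension .{ext} is on the block list")
    elif ext in EXPECTED and EXPECTED[ext] != kind:
        # Type confusion: the name says one format, the bytes say another.
        verdict = "block"
        reasons.append(f"claims .{ext} but content is {kind}")
    elif ext in EXPECTED:
        # Document lures are the entry point here, so detonate before delivery.
        verdict = "sandbox"
        reasons.append("document attachment: detonate before delivery")
    return {"filename": filename, "ext": ext, "sniffed": kind,
            "verdict": verdict, "reasons": reasons}


def triage_message(raw: bytes) -> list[dict]:
    """Parse a raw RFC 5322 message and triage every attachment part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [triage_attachment(part.get_filename() or "",
                              part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()]


def build_sample() -> bytes:
    """Constructed lure with three attachments: honest PDF, OLE-as-PDF, macro-enabled doc."""
    msg = EmailMessage()
    msg["From"] = "port-ops@example.invalid"
    msg["To"] = "ops@example.invalid"
    msg["Subject"] = "Vessel schedule update"
    msg.set_content("Please review the attached schedule.")
    msg.add_attachment(b"%PDF-1.4\n%placeholder\n",
                       maintype="application", subtype="pdf", filename="schedule.pdf")
    msg.add_attachment(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16,
                       maintype="application", subtype="pdf", filename="invoice.pdf")
    msg.add_attachment(b"PK\x03\x04" + b"\x00" * 16,
                       maintype="application", subtype="octet-stream", filename="berth.docm")
    return msg.as_bytes()


if __name__ == "__main__":
    for r in triage_message(build_sample()):
        print(r["verdict"], r["filename"], "; ".join(r["reasons"]))
```

Running the block yields `sandbox` for the honest PDF, `block` for the OLE file named invoice.pdf, and `block` for the macro-enabled .docm. The design point is that a name-only check would have delivered two of the three; sniffing the bytes and defaulting document types to detonation is what catches the lure category this campaign relies on.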

Target Profile:

Attacks have targeted the maritime, logistics, nuclear energy, hospitality and telecommunications sectors in Egypt, Djibouti, United Arab Emirates, Bangladesh, Cambodia and Vietnam.

SideWinder also appears to be expanding its operations, with new targets among diplomatic organizations in Afghanistan, Algeria, Bulgaria, China, the Maldives, Rwanda, Saudi Arabia, Turkey, Uganda and India.

Despite its reliance on older exploit techniques, cyber security professionals warn against underestimating this threat group.

In the past, SideWinder has compromised high-profile entities, including military and government institutions. Analyses of the group’s post-compromise activities indicate that SideWinder is a highly advanced adversary.

Protecting Your Organization:

Serious organized cyber threats like this one highlight the importance of robust cybersecurity and, more specifically, advanced email security.

Prevent phishing emails that carry malicious attachments. Leverage Check Point’s Harmony Email & Collaboration solution.

Get real-time, adaptive, multi-layered protection with built-in threat intelligence that stops not only phishing and malware but also zero-day threats and attacks on collaboration tools.

Via Harmony Email & Collaboration, organizations can also obtain a security awareness content library with which to educate employees regarding the importance of phishing identification and threat prevention.

For more information, schedule a product demo or reach out to your local Check Point representative.