JAKARTA - The SideWinder advanced persistent threat (APT) group is stepping up its attacks. After previously focusing on South and Southeast Asia, the group is now expanding its attacks to the Middle East and Africa.

Kaspersky, a global cybersecurity company, discovered that SideWinder used a new spy tool called StealerBot.

This tool is very dangerous because it has the ability to infect the system undetected, steal sensitive data, and remotely control the system.

The global cybersecurity company also mentioned that StealerBot works modularly, making it difficult for security systems to track.

'These tools operate through modular structures, with each component designed to run certain functions. In particular, these modules never appear as files on the hard drive of the system, making them difficult to track. Instead, these modules are loaded directly into memory,' said Giampaolo Dedola, head of security researchers at GREAT.

Kaspersky first reported the group's activities in 2018. SideWinder's modus operandi generally begins with phishing attacks.

The attackers send an email containing malicious attachments designed to exploit vulnerabilities in software such as Microsoft Office. After a successful infiltration, StealerBot is installed and starts carrying out its malicious activities.

SideWinder's main targets are government agencies, the military, and critical infrastructure. The group goes after sensitive data such as classified state information, strategic plans, and login credentials.

Kaspersky has also observed several malware families used in parallel campaigns, including both specially created RATs and modified versions of publicly available ones.

