Man
Professional
The malware is used for cyberespionage against large businesses in the Middle East and Africa.
Specialists from Kaspersky Lab have described a new wave of targeted attacks carried out by the SideWinder group. According to the company, the attackers are using a new espionage tool, StealerBot, against large organizations and strategic infrastructure in the Middle East and Africa.
SideWinder, also tracked as T-APT-04 and RattleSnake, was first spotted by researchers in 2012 and has remained one of the most active groups in the world since. Kaspersky Lab reported on its activity in 2018. The group's main targets have been military and government institutions in Pakistan, Sri Lanka, China and Nepal, as well as companies and organizations elsewhere in South and Southeast Asia.
For initial access, SideWinder relied on malicious documents that exploited vulnerabilities in Microsoft Office. In some cases it used other file types, such as LNK, HTML and HTA, which it delivered inside archives. To persuade victims to open the file, the decoy documents often carried content copied from public websites, giving them a veneer of legitimacy. Over its campaigns the group has used several malware families, including custom-built tools, modified versions of off-the-shelf programs, and publicly available remote-access trojans (RATs).
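The delivery chain above (LNK/HTA/HTML lures inside archives, and Office documents that end up launching a script host when the exploit or lure fires) can be triaged with two simple checks. The script below is an added example and is not code from the article or from Kaspersky's report; the archive contents and the Sysmon-style process-creation events are constructed inline so it runs offline, and the extension lists, the parent/child process pairs and the event field names (`ParentImage`, `Image`, `CommandLine`) are assumptions for illustration, not a published detection rule.

```python
"""
Added example, not code from the article or from Kaspersky: two lightweight
triage checks for the SideWinder delivery chain described above.
1. archive_triage(): flag archive members whose name carries a lure extension
   (LNK, HTA, HTML) or a disguised double extension.
2. suspicious_children(): scan process-creation events for an Office parent
   spawning a script host such as mshta.exe, which is what an HTA/LNK lure
   produces when the document or shortcut is opened.
All lists and field names below are assumptions for illustration.
"""
import io
import json
import zipfile
from pathlib import PurePosixPath
from typing import Optional

# Lure file types named in the article (assumed list).
LURE_EXTENSIONS = {".lnk", ".hta", ".html", ".htm"}
# Document-looking extensions a lure may borrow in a double extension (assumed).
DOC_EXTENSIONS = {".doc", ".docx", ".rtf", ".pdf", ".xls", ".xlsx", ".ppt", ".pptx"}
# Office parents and script-host children to pair up (assumed lists).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe",
                "cmd.exe", "rundll32.exe", "regsvr32.exe"}


def classify_member(name: str) -> Optional[str]:
    """Return a reason if an archive member name looks like a lure, else None."""
    suffixes = [s.lower() for s in PurePosixPath(name.replace("\\", "/")).suffixes]
    if not suffixes:
        return None
    last = suffixes[-1]
    if last in LURE_EXTENSIONS:
        return f"lure extension {last}"
    # e.g. "Invoice.docx.exe": a document extension hidden before the real one
    if len(suffixes) >= 2 and suffixes[-2] in DOC_EXTENSIONS and last not in DOC_EXTENSIONS:
        return f"double extension {suffixes[-2]}{last}"
    return None


def archive_triage(data: bytes) -> list:
    """Open a ZIP archive from bytes; return (member, reason) for suspicious members."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reason = classify_member(info.filename)
            if reason:
                hits.append((info.filename, reason))
    return hits


def build_sample_archive() -> bytes:
    """Constructed sample archive: one benign member plus two lure members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "nothing to see here")
        zf.writestr("Agenda_2024.pdf.lnk", "placeholder, not a real shortcut")
        zf.writestr("briefing.hta", "<html><script>/* constructed */</script></html>")
    return buf.getvalue()


# Constructed, Sysmon event-1 style JSON lines (field names are assumptions).
SAMPLE_LOG = "\n".join([
    json.dumps({"EventID": 1,
                "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                "Image": r"C:\Windows\System32\mshta.exe",
                "CommandLine": r"mshta.exe C:\Users\u\AppData\Local\Temp\briefing.hta"}),
    json.dumps({"EventID": 1,
                "ParentImage": r"C:\Windows\explorer.exe",
                "Image": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                "CommandLine": r"WINWORD.EXE /n"}),
])


def parse_events(text: str) -> list:
    """Parse newline-delimited JSON events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def basename(image: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()


def suspicious_children(events: list) -> list:
    """Flag process creations where an Office parent spawns a script host."""
    hits = []
    for ev in events:
        parent = basename(ev.get("ParentImage", ""))
        child = basename(ev.get("Image", ""))
        if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
            hits.append({"parent": parent, "child": child,
                         "cmdline": ev.get("CommandLine", "")})
    return hits


if __name__ == "__main__":
    for member, reason in archive_triage(build_sample_archive()):
        print(f"archive: {member}: {reason}")
    for hit in suspicious_children(parse_events(SAMPLE_LOG)):
        print(f"process: {hit['parent']} -> {hit['child']}: {hit['cmdline']}")
```

Both checks are deliberately coarse: they key on file names and process names only, so a practitioner would pair them with content inspection of the archive members and with the command-line arguments (here the `.hta` path passed to `mshta.exe`) before raising an alert.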
What has changed. SideWinder has expanded its geography, adding organizations in the Middle East and Africa to its targets. It has also introduced a new espionage tool, StealerBot, an implant built specifically for spying operations. StealerBot is now the group's main post-exploitation tool: it is deployed once the initial vulnerability exploitation has succeeded.
StealerBot can install additional malware, take screenshots, log keystrokes, steal passwords saved in browsers, intercept RDP (Remote Desktop Protocol) credentials, and exfiltrate files.
According to the company, StealerBot lets the attackers spy on systems while remaining very hard to detect. It is modular, with each component responsible for one task. The modules are not written to disk as files, which makes them harder to track: everything is loaded directly into memory. A central component the researchers call the "Orchestrator" manages the whole operation, communicates with the attackers' C&C server, and coordinates the other modules.
Source