India’s SideWinder advanced persistent threat (APT) group has expanded its target range beyond Southeast Asia to include Pakistani government officials and individuals in Turkey, according to researchers at the BlackBerry Threat Research and Intelligence team. The group uses server-side polymorphism to bypass traditional signature-based antivirus detection and deliver a next-stage payload. The attacks use content-targeted documents that exploit a remote template injection flaw to deliver malicious payloads. SideWinder’s main target has been Pakistani military infrastructure since 2012, but the group now appears to be widening its operations in the service of Indian espionage interests. Server-side polymorphism is a technique used since the 1990s to evade detection by AV tools; it makes detection challenging because each new download has a new hash, which “effectively breaks hash-based detections used by security operations centers (SOCs) and some endpoint scanners,” said Dmitry Bestuzhev, senior director of cyber-threat intelligence at BlackBerry. Organizations can mitigate these attacks by focusing detection on meaningful tactics, techniques, and procedures (TTPs) and on behaviors in the system or code blocks that machine learning technologies can cover, rather than on file hashes alone.
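To make the hash-versus-behaviour point concrete, here is an added example (not from the BlackBerry report or the article) that builds two constructed, minimal OOXML-style archives referencing the same remote template at a placeholder URL, differing only in filler bytes the way per-download polymorphism would, and shows that a hash blocklist catches only the first copy while a structural check on the attachedTemplate relationship in `word/_rels/settings.xml.rels` catches both.

```python
import hashlib, io, os, zipfile
import xml.etree.ElementTree as ET

# OOXML relationship type Word uses for an attached template (local or remote).
ATTACHED_TEMPLATE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
PKG_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
RELS_PATH = "word/_rels/settings.xml.rels"

def make_sample(template_url: str, filler: bytes) -> bytes:
    # Constructed, minimal archive: only the relationship part is modelled.
    # `filler` stands in for the per-download changes a polymorphic server makes.
    rels = (f'<Relationships xmlns="{PKG_NS}"><Relationship Id="rId1" '
            f'Type="{ATTACHED_TEMPLATE}" Target="{template_url}" '
            f'TargetMode="External"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(RELS_PATH, rels)
        zf.writestr("docProps/filler.bin", filler)
    return buf.getvalue()

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def has_remote_template(data: bytes) -> bool:
    # Behavioural check: does settings.xml.rels pull a template over http(s)?
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            if RELS_PATH not in zf.namelist():
                return False
            root = ET.fromstring(zf.read(RELS_PATH))
    except (zipfile.BadZipFile, ET.ParseError):
        return False
    for rel in root.iter(f"{{{PKG_NS}}}Relationship"):
        if (rel.get("Type") == ATTACHED_TEMPLATE
                and rel.get("TargetMode", "").lower() == "external"
                and rel.get("Target", "").lower().startswith(("http://", "https://"))):
            return True
    return False

def compare_detections() -> dict:
    url = "http://template-host.example/placeholder.dotm"  # constructed placeholder
    first = make_sample(url, os.urandom(16))
    second = make_sample(url, os.urandom(16))  # same behaviour, fresh bytes
    blocklist = {sha256(first)}  # the SOC has only hashed the first sample
    return {
        "hash_first": sha256(first) in blocklist,
        "hash_second": sha256(second) in blocklist,
        "behaviour_first": has_remote_template(first),
        "behaviour_second": has_remote_template(second),
    }
```

A local template such as `Normal.dotm` does not trigger the check, so the rule keys on the remote fetch rather than on the mere presence of a template relationship.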