SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign
#1
Information 
Quote:The SideWinder advanced persistent threat (APT) group has mounted a fresh phishing and malware initiative, using recent territory disputes between China, India, Nepal and Pakistan as lures. The goal is to gather sensitive information from its targets, mainly located in Nepal and Afghanistan.
 
According to an analysis, SideWinder typically targets victims in South Asia and surroundings – and this latest campaign is no exception. The targets here include multiple government and military units for countries in the region researchers said, including the Nepali Ministries of Defense and Foreign Affairs, the Nepali Army, the Afghanistan National Security Council, the Sri Lankan Ministry of Defense, the Presidential Palace in Afghanistan and more.

The effort mainly makes use of legitimate-looking webmail login pages, aimed at harvesting credentials. Researchers from Trend Micro said that these pages were copied from their victims’ actual webmail login pages and subsequently modified for phishing. For example, “mail-nepalgovnp[.]duckdns[.]org” was created to pretend to be the actual Nepal government’s domain, “mail[.]nepal[.]gov[.]np”.
 
Interestingly, after credentials are siphoned off and the users “log in,” they are either sent to the legitimate login pages; or, they are redirected to different documents or news pages, related either to COVID-19 or political fodder.
 
Researchers said some of the pages include a May article entitled “India Should Realise China Has Nothing to Do With Nepal’s Stand on Lipulekh” and a document called “Ambassador Yanchi Conversation with Nepali_Media.pdf,” which provides an interview with China’s ambassador to Nepal regarding Covid-19, the Belt and Road Initiative, and territorial issues in the Humla district.
 
The campaign also includes a malware element, with malicious documents delivered via email that are bent on installing a cyberespionage-aimed backdoor. And, there was evidence that the group is planning a mobile launch to compromise wireless devices.
 
“We identified a server used to deliver a malicious .lnk file and host multiple credential-phishing pages,” wrote researchers, in a Wednesday posting. “We also found multiple Android APK files on their phishing server. While some of them are benign, we also discovered malicious files created with Metasploit.”

Read more: https://threatpost.com/sidewinder-apt-ne...gn/162086/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
AdGuard v4.5.8 for iOS
AdGuard v4.5.8 for...harlan4096 — 09:45
Hasleo Backup Suite 5.0.1
Hasleo Backup Suit...harlan4096 — 09:44
GFYI [Official] Ashampoo Christmas 2024...
Merry Christmas and ...Decimuss — 09:32
GFYI [Official] 'AntGROUP Inc. / VCap-d...
Merry Christmas and ...Decimuss — 09:24
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...Decimuss — 09:14

[-]
Birthdays
Today's Birthdays
avatar (47)trideMup
avatar (45)dinatx11
avatar (55)Sk1n1m1n
avatar (37)Mbobbleheads
avatar (55)earthinvestindia
avatar (55)narenonnet
avatar (55)yosepyap10
avatar (55)rwat67
avatar (37)arkabafamilydental
avatar (55)naiduranga077
avatar (55)indianagirl270
avatar (37)fotohandyhuellegeschenk
avatar (55)VW01
avatar (30)claradsouza
avatar (55)MrHumanGuy
avatar (55)chilcuttjc01
Upcoming Birthdays
avatar (49)theoldevext
avatar (44)algratCep
avatar (49)Qlaude2Sap
avatar (40)pieleatisDilia
avatar (42)ilyavvop
avatar (37)urytog
avatar (37)bubblewrapsuit2018
avatar (43)tabthinLem
avatar (38)ixofehym
avatar (50)Josepharelf
avatar (39)kholukrefar
avatar (48)Lauraimike
avatar (50)WilsonWag
avatar (48)StevenPiole
avatar (39)zetssToomy
avatar (46)GornOr
avatar (44)StephenViedy
avatar (46)tuebrUNure
avatar (39)alexeytsa4721
avatar (49)Jamesmog
avatar (37)opeqyrav
avatar (38)theatidere
avatar (47)denisEquivok
avatar (35)mikebrian01
avatar (37)ivanoFloom
avatar (41)Tyreeplurb
avatar (40)uxegihor

[-]
Online Staff
There are no staff members currently online.

>