Cybersecurity researchers have identified intensified activity from the SideWinder APT group throughout 2024, with significant updates to its toolset and expanded targeting beyond traditional military and government entities. Recent findings reveal that SideWinder has built a large new infrastructure to distribute malware and control compromised systems, with a notable increase in attacks against maritime infrastructure, logistics companies, and entities related to nuclear energy.

The primary infection vector remains consistent with previous campaigns: spear-phishing emails carrying weaponized documents. The infection process begins when a target opens a malicious DOCX file attached to one of these emails. The documents use themes related to nuclear power plants, maritime infrastructure, governmental decisions, or diplomatic issues to trick victims into opening the attachment.

Researchers at Securelist note that SideWinder continuously improves its toolset to evade detection by security software, extend persistence on compromised networks, and conceal its presence. The new malware variants feature enhanced anti-analysis code and use Control Flow Flattening more extensively to hinder detection and analysis, highlighting the group's continued evolution and technical sophistication.

These findings show the importance of patching systems against even older vulnerabilities such as CVE-2017-11882, since sophisticated threat actors continue to leverage them in targeted campaigns against high-value sectors and critical infrastructure worldwide.
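The article does not describe the internals of the lure documents, only that the chain starts with a DOCX and that CVE-2017-11882 is still being exploited. The following is an added example, not code from the article or from Securelist: a small static triage script for a DOCX attachment. CVE-2017-11882 is a memory-corruption flaw in the Equation Editor component (EQNEDT32.EXE), so a document exploiting it has to hand Word an Equation Editor OLE object, which appears in the OOXML package as an `OLEObject` with a `ProgID` of `Equation.*` and usually a binary under `word/embeddings/`. The script also lists any relationship with `TargetMode="External"`, a generic sign that the document pulls content from elsewhere. The two sample documents it builds are constructed for the demo (including the external template reference in the lure sample, which is an assumption, not something the article reports), and the verdict is a triage heuristic rather than a signature.

```python
"""Static triage of a DOCX for CVE-2017-11882-style artefacts (added example)."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
# Namespace-agnostic match for ProgID attributes inside word/*.xml parts.
PROGID_RE = re.compile(rb'ProgID="([^"]+)"')


def triage_docx(data: bytes) -> dict:
    """Collect OLE ProgIDs, embedded binaries and external relationship targets
    from a DOCX and attach a coarse verdict (heuristic, not a signature)."""
    progids, embeddings, external = [], [], []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if name.startswith("word/embeddings/"):
                embeddings.append(name)
            elif name.startswith("word/") and name.endswith(".xml"):
                progids += [p.decode() for p in PROGID_RE.findall(z.read(name))]
            elif name.endswith(".rels"):
                root = ET.fromstring(z.read(name))
                for rel in root.iter(REL_NS + "Relationship"):
                    if rel.get("TargetMode") == "External":
                        rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                        external.append((rel_type, rel.get("Target")))
    # Equation Editor (EQNEDT32.EXE) is the component patched for CVE-2017-11882.
    if any(p.startswith("Equation.") for p in progids):
        verdict = "suspicious: Equation Editor object (CVE-2017-11882 surface)"
    elif embeddings or external:
        verdict = "review: embedded OLE or external targets present"
    else:
        verdict = "clean"
    return {"progids": progids, "embeddings": embeddings,
            "external": external, "verdict": verdict}


# ---- constructed sample documents (not real lures) -------------------------
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
O_NS = "urn:schemas-microsoft-com:office:office"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
RELS_HEAD = ('<?xml version="1.0" encoding="UTF-8"?>'
             '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">')


def _build_docx(document_xml: str, rels_xml: str, embedding: bytes = b"") -> bytes:
    """Assemble a minimal DOCX-shaped zip from the given parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types xmlns='
                   '"http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("word/document.xml", document_xml)
        z.writestr("word/_rels/document.xml.rels", rels_xml)
        if embedding:
            z.writestr("word/embeddings/oleObject1.bin", embedding)
    return buf.getvalue()


def make_benign_sample() -> bytes:
    """A plain document with one paragraph and only internal relationships."""
    doc = (f'<w:document xmlns:w="{W_NS}"><w:body><w:p><w:r>'
           '<w:t>Quarterly port schedule</w:t></w:r></w:p></w:body></w:document>')
    rels = RELS_HEAD + (f'<Relationship Id="rId1" Type="{R_NS}/styles" '
                        'Target="styles.xml"/></Relationships>')
    return _build_docx(doc, rels)


def make_lure_sample() -> bytes:
    """A document embedding an Equation Editor object and referencing an
    external template (constructed; the article does not describe lure internals)."""
    doc = (f'<w:document xmlns:w="{W_NS}" xmlns:o="{O_NS}" xmlns:r="{R_NS}">'
           '<w:body><w:p><w:r><w:object><o:OLEObject Type="Embed" ProgID="Equation.3" '
           'ShapeID="_x0000_i1025" DrawAspect="Content" ObjectID="_1" r:id="rId2"/>'
           '</w:object></w:r></w:p></w:body></w:document>')
    rels = RELS_HEAD + (
        f'<Relationship Id="rId2" Type="{R_NS}/oleObject" Target="embeddings/oleObject1.bin"/>'
        f'<Relationship Id="rId3" Type="{R_NS}/attachedTemplate" '
        'Target="http://example.invalid/template.dotm" TargetMode="External"/>'
        '</Relationships>')
    # OLE compound-file magic followed by filler; the real object would carry the exploit.
    return _build_docx(doc, rels, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24)


if __name__ == "__main__":
    for label, sample in (("benign", make_benign_sample()), ("lure", make_lure_sample())):
        print(label, triage_docx(sample))
```

Run it over a real attachment with `triage_docx(open(path, "rb").read())`; a hit on `Equation.*` is a reason to detonate the file in a sandbox or verify that the Equation Editor fix for CVE-2017-11882 is deployed on the recipient's host, not proof of exploitation on its own.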
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 11 Mar 2025 10:20:07 +0000