SideWinder Hacking Group Uses ClickOnce-Based Infection Chain

The SideWinder hacking group has been observed using a ClickOnce-based infection chain to compromise targets. ClickOnce is Microsoft's deployment technology for .NET applications: the user opens a deployment manifest (a .application file, usually served from a web server), and Windows downloads the application into a per-user cache and runs it without asking for administrator rights. Because the same mechanism is widely used for legitimate line-of-business software, a malicious payload delivered this way blends in with normal software deployment and can slip past controls that key on unsigned installers or on elevated installs.

SideWinder, known for its persistent cyber espionage campaigns, targets government entities and critical infrastructure sectors, aiming to exfiltrate sensitive information and maintain long-term access. The reported chain begins with spear-phishing emails carrying malicious links or documents that trigger the ClickOnce deployment; the deployed application then installs backdoors and remote access tools.

Security researchers recommend user awareness, robust email filtering and endpoint protection against this kind of delivery. Organizations are also advised to monitor network traffic for unusual ClickOnce activity, in practice fetches of .application manifests from hosts that are not known deployment servers, and to apply strict application whitelisting. One caveat for the latter: an allowlist has to account for the ClickOnce launch path itself (dfsvc.exe starting executables from the per-user cache under %LOCALAPPDATA%\Apps\2.0), because a policy that only blocks unknown installers will not see a ClickOnce deployment at all.

This tactic is another instance of attackers repurposing a legitimate technology for malicious ends. Layered defenses, kept current with such changes in tradecraft, remain the practical answer to advanced persistent threats like SideWinder.
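As an added example (not from the article, and not any vendor's or researcher's tooling), the following Python script shows one way to turn the "monitor for unusual ClickOnce activity" advice into a concrete check over endpoint process-creation telemetry. It assumes Sysmon-style fields (image, parent image, command line), a hypothetical allowlist of corporate deployment hosts, and constructed sample events. The two ClickOnce facts it relies on are that .application links are opened through rundll32 with dfshim.dll,ShOpenVerbApplication, and that deployed applications are started by dfsvc.exe from the per-user cache under AppData\Local\Apps\2.0.

```python
"""Flag suspicious ClickOnce launches in Windows process-creation events.

Added example, not code from the article. Events use Sysmon event 1 style
fields (image, parent_image, cmdline). ALLOWED_DEPLOYMENT_HOSTS and the
sample events below are constructed for illustration.
"""
import re
from urllib.parse import urlparse

# Hypothetical allowlist: hosts your organisation really deploys ClickOnce apps from.
ALLOWED_DEPLOYMENT_HOSTS = {"apps.corp.example"}

# A .application link is opened as: rundll32 dfshim.dll,ShOpenVerbApplication <url>
DFSHIM_VERB = re.compile(
    r'dfshim\.dll"?\s*,\s*ShOpenVerbApplication\s+"?([^\s"]+)', re.IGNORECASE)

# Deployed ClickOnce apps run from the per-user cache %LOCALAPPDATA%\Apps\2.0\...
CLICKONCE_CACHE = re.compile(r"\\AppData\\Local\\Apps\\2\.0\\", re.IGNORECASE)

# Interpreters and LOLBins a deployed ClickOnce app should have no reason to spawn.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "mshta.exe", "wscript.exe",
    "cscript.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(event: dict) -> list[str]:
    """Return the findings for one process-creation event (empty list = nothing odd)."""
    findings = []
    image = event.get("image", "")
    parent = basename(event.get("parent_image", ""))
    cmdline = event.get("cmdline", "")

    # 1. Manifest fetch: which host is the .application being pulled from?
    match = DFSHIM_VERB.search(cmdline)
    if match:
        host = (urlparse(match.group(1)).hostname or "").lower()
        if host not in ALLOWED_DEPLOYMENT_HOSTS:
            findings.append(f"ClickOnce manifest opened from non-allowlisted host {host!r}")

    # 2. Children of dfsvc.exe: only applications in the ClickOnce cache are expected.
    if parent == "dfsvc.exe":
        child = basename(image)
        if child in SUSPICIOUS_CHILDREN:
            findings.append(f"dfsvc.exe spawned {child}")
        elif not CLICKONCE_CACHE.search(image):
            findings.append(f"dfsvc.exe launched {child} outside the ClickOnce cache")
    return findings


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    {  # 0: benign, corporate app opened from the allowlisted deployment host
        "image": r"C:\Windows\System32\rundll32.exe",
        "parent_image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
        "cmdline": r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbApplication https://apps.corp.example/deploy/CorpApp.application',
    },
    {  # 1: manifest pulled from an unknown host (phishing link scenario)
        "image": r"C:\Windows\System32\rundll32.exe",
        "parent_image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
        "cmdline": r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\dfshim.dll",ShOpenVerbApplication http://update-portal.example.net/secure/Report.application',
    },
    {  # 2: benign, cached ClickOnce application started by dfsvc.exe
        "image": r"C:\Users\alice\AppData\Local\Apps\2.0\K8XQ3H0W.V3A\9ZCOM2BL.K5C\corp..tion_0000000000000000_0001.0000_a1b2c3d4e5f6a7b8\CorpApp.exe",
        "parent_image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe",
        "cmdline": r'"C:\Users\alice\AppData\Local\Apps\2.0\K8XQ3H0W.V3A\9ZCOM2BL.K5C\corp..tion_0000000000000000_0001.0000_a1b2c3d4e5f6a7b8\CorpApp.exe"',
    },
    {  # 3: dfsvc.exe spawning an interpreter
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "parent_image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe",
        "cmdline": r'powershell.exe -nop -w hidden -enc AAAA',
    },
    {  # 4: dfsvc.exe launching a binary that is not in the ClickOnce cache
        "image": r"C:\Users\alice\AppData\Local\Temp\stage.exe",
        "parent_image": r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe",
        "cmdline": r'"C:\Users\alice\AppData\Local\Temp\stage.exe"',
    },
]


def run_triage(events=SAMPLE_EVENTS) -> dict[int, list[str]]:
    """Map event index -> findings, keeping only events that produced at least one."""
    return {i: f for i, e in enumerate(events) if (f := triage(e))}


if __name__ == "__main__":
    for index, findings in run_triage().items():
        print(index, findings)
```

Both signals have a network-side twin: proxy or DNS logs showing .application or .manifest requests to hosts outside the allowlist correspond to the first check, and the second check is what "unusual ClickOnce activity" looks like on the endpoint. Treat hits as hunt leads rather than hard blocks until the allowlist reflects every ClickOnce application the organization actually publishes.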

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 24 Oct 2025 16:50:24 +0000


Cyber News related to SideWinder Hacking Group Uses ClickOnce-Based Infection Chain

SideWinder Adopts New ClickOnce-Based Loader to Evade Detection - SideWinder, a known cyber espionage group, has recently updated its attack methodology by adopting a new ClickOnce-based loader. This evolution in their tactics allows them to better evade detection by traditional security solutions. ClickOnce is a ...
2 months ago Thehackernews.com SideWinder
CVE-2022-50280 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago
Software Supply Chain Security Checklist - In the ever-evolving landscape of digital innovation, the integrity of software supply chains has become a pivotal cornerstone for organizational security. Software supply chain security is not just about protecting code - it's about safeguarding the ...
1 year ago Feeds.dzone.com
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
1 year ago Securelist.com
SideWinder Hacker Group Hosting Fake Outlook Portals to Steal Credentials - The SideWinder hacker group has been identified hosting fake Outlook login portals as part of a sophisticated phishing campaign aimed at stealing user credentials. These counterfeit portals are designed to closely mimic legitimate Microsoft Outlook ...
3 months ago Cybersecuritynews.com SideWinder
SideWinder APT Group Attacking Military & Government Entities With New Tools - Recent findings reveal that SideWinder has developed a massive new infrastructure to distribute malware and control compromised systems, with a notable increase in attacks against maritime infrastructures, logistics companies, and entities related to ...
10 months ago Cybersecuritynews.com Sidewinder CVE-2017-11882
Encouraging Ethical Hacking Skills in Students - This article delves into the significance of encouraging ethical hacking skills in students and the numerous benefits it offers to individuals and society as a whole. Possessing ethical hacking skills can provide students with a competitive advantage ...
2 years ago Securityzap.com
New "MITRE ATT&CK-like" framework outlines software supply chain attack TTPs - A new open framework seeks to outline a comprehensive and actionable way for businesses and security teams to understand attacker behaviors and techniques specifically impacting the software supply chain. The Open Software Supply Chain Attack ...
2 years ago Csoonline.com
Sidewinder Hackers Using Weaponized Docs to Install Malware - Sidewinder APT group's sophisticated threat landscape reveals a skilled and persistent threat targeting the Nepalese Government entities. Their focus extends to South Asian governments, with researchers also identifying a recent complex attack on ...
2 years ago Gbhackers.com Sidewinder
CVE-2022-48895 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
SideWinder APT Hackers Leverage Nepal Protests - The SideWinder APT group has been actively exploiting the ongoing Nepal protests to conduct cyber espionage and targeted attacks. This threat actor leverages the socio-political unrest as a cover to deploy sophisticated malware and phishing campaigns ...
3 months ago Cybersecuritynews.com SideWinder
Lumma Password Stealer Attack Infection Chain and Its Escalation Tactics Uncovered - WithSecure analysts identified Lumma during their analysis of open source samples between February and March 2025, revealing the malware’s sophisticated three-stage infection process. This massive infection rate prompted coordinated ...
5 months ago Cybersecuritynews.com
Russia hacking: 'FSB in years-long cyber attacks on UK', says government - The UK is accusing Russia's Security Service, the FSB, of a sustained cyber-hacking campaign, targeting politicians and others in public life. The government said one group stole data through cyber-attacks, which was later made public, including ...
2 years ago Bbc.com
security and privacy in Facebook groups - Having found myself roped into assisting as co-administrator a couple of Facebook groups with security/privacy issues, I thought I should, perhaps, share what little I know about defending your group against scam and spam posts and comments by ...
2 years ago Securityboulevard.com
Threat Actors Weaponize LNK Files to Deploy RedLoader Malware on Windows Systems - The sophistication lies not in the initial delivery mechanism, but in the subsequent execution chain that combines legitimate system processes with malicious payloads to establish persistent access while remaining largely undetected by traditional ...
5 months ago Cybersecuritynews.com
Shuckworm Group Uses PowerShell Based GammaSteel Malware in Targeted Attacks - This latest campaign, observed from February through March 2025, represents an evolution in the group’s tactics with a shift toward more sophisticated PowerShell-based malware tools that enhance stealth and persistence capabilities. This ...
9 months ago Cybersecuritynews.com
When a Botnet Cries: Detecting Botnet Infection Chains
2 years ago Blog.sekoia.io
CISA Announces Renewal of the Information and Communications Technology Supply Chain Risk Management Task Force - The Task Force, chaired by CISA's National Risk Management Center and the Information Technology and Communications Sector Coordinating Councils, is a public-private partnership composed of a diverse range of representatives from public and private ...
1 year ago Cisa.gov
Imperva Detects Undocumented 8220 Gang Activities - Imperva Threat Research has detected previously undocumented activity from the 8220 gang, which is known for the mass deployment of malware using a variety of continuously evolving TTPs. This threat actor has been known to target both Windows and ...
2 years ago Imperva.com CVE-2017-3506 CVE-2021-44228 CVE-2020-14883 CVE-2020-14882
UK, ROK sound alarm over North Korean supply chain attacks The Register - The national cybersecurity organizations of the UK and the Republic of Korea have issued a joint advisory warning of an increased volume and sophistication of North Korean software supply chain attacks. "In an increasingly digital and interconnected ...
2 years ago Theregister.com Lazarus Group
CVE-2025-21986 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago
Syrian Threat Group Peddles Destructive SilverRAT - The group behind a sophisticated remote access Trojan, SilverRAT, has links to both Turkey and Syria and plans to release an updated version of the tool to allow control over compromised Windows systems and Android devices. According to a threat ...
2 years ago Darkreading.com LAPSUS$
Beware of Malicious Browser Updates That Install SocGholish Malware - SocGholish malware follows a multi-layered infection chain, beginning with a user visiting a compromised website that displays a fake browser update notification. SocGholish is a JavaScript-based loader malware that uses a complex infection chain ...
10 months ago Cybersecuritynews.com