Phishing, Vulnerability Management, Threat Intelligence

Maritime firms targeted by novel SideWinder cyberespionage campaign


Maritime facilities and ports in Bangladesh, Egypt, Myanmar, Nepal, Pakistan, Sri Lanka, and the Maldives have been subjected to spear-phishing attacks by suspected Indian state-sponsored threat operation SideWinder as part of a new cyberespionage campaign, reports The Hacker News.

Attacks by SideWinder, also known as APT-C-17, Razor Tiger, Baby Elephant, and Rattlesnake, involved spear-phishing emails that used sexual harassment, salary reduction, and employee termination lures and carried malicious Word documents, an analysis from the BlackBerry Research and Intelligence Team revealed. Opening the files would trigger exploitation of the CVE-2017-0199 vulnerability to communicate with a domain spoofing Pakistan's Directorate General Ports and Shipping and fetch an RTF file. That file leverages an old Microsoft Office Equation Editor bug, tracked as CVE-2017-11882, to execute shellcode that launches JavaScript code, researchers said.

"The SideWinder threat actor continues to improve its infrastructure for targeting victims in new regions. The steady evolution of its network infrastructure and delivery payloads suggests that SideWinder will continue its attacks in the foreseeable future," said BlackBerry.
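The first stage described above has a Word document contact a remote domain when it is opened. As an added triage example (not from the SC Media report or BlackBerry's analysis), and assuming the lure is an OOXML `.docx` file, which the article does not specify, this Python function lists every external relationship in a document and marks the types that load remote content on open. The sample document and its hostnames are constructed placeholders.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
BASE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/"
# Relationship types that make Word load remote content when the file opens.
RISKY_TYPES = {"oleObject", "attachedTemplate", "frame", "subDocument"}

def external_relationships(docx_bytes):
    """Return (part, rel_type, target, risky) for each external relationship."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not name.endswith(".rels"):
                continue
            data = zf.read(name)
            if b"<!DOCTYPE" in data:
                # Legitimate .rels parts carry no DTD; flag instead of parsing.
                findings.append((name, "doctype", "", True))
                continue
            for rel in ET.fromstring(data).iter(REL_NS + "Relationship"):
                if rel.get("TargetMode", "").lower() != "external":
                    continue
                rel_type = rel.get("Type", "").rsplit("/", 1)[-1]
                findings.append((name, rel_type, rel.get("Target", ""),
                                 rel_type in RISKY_TYPES))
    return findings

def build_sample():
    """Constructed sample: one benign hyperlink, one remote OLE object."""
    rels = (
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        f'<Relationship Id="rId1" Type="{BASE}hyperlink" '
        'Target="https://intranet.example/policy" TargetMode="External"/>'
        f'<Relationship Id="rId2" Type="{BASE}oleObject" '
        'Target="https://ports.example.invalid/notice.rtf" TargetMode="External"/>'
        f'<Relationship Id="rId3" Type="{BASE}styles" Target="styles.xml"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    for part, rel_type, target, risky in external_relationships(build_sample()):
        print("ALERT" if risky else "info ", part, rel_type, target)
```

Ordinary hyperlinks also appear as external relationships, so the `risky` flag, not the mere presence of an external target, is what should drive an alert.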
