
53 matches found

The Hacker News
added 2025/10/28 4:01 a.m. · 4 views

SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats

A European embassy located in the Indian capital of New Delhi, as well as multiple organizations in Sri Lanka, Pakistan, and Bangladesh, have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder in September 2025. The activity "reveals a notable evolution in...

AI score 6.5
Exploits: 0

Trellix
added 2025/10/22 12:00 a.m. · 7 views

SideWinder's Shifting Sands: Click Once for Espionage

SideWinder's Shifting Sands: Click Once for Espionage. By Ernesto Fernández Provecho and Pham Duy Phuc · October 22, 2025. In September 2025, the Trellix Advanced Research Center (ARC) detected a campaign targeting a European embassy located in New Delhi, India. Further investigation led to the...

CVSS 9.3 · AI score 7.9 · EPSS 0.94302
Exploits: 29

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2004-2536

Malware in sbrugna...

CVSS 5 · AI score 6.4 · EPSS 0.00739
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/21 10:13 p.m. · 4 views

CVE-2004-2545

Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vectors involving an "extremely busy network." NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts...

CVSS 5 · AI score 6.9 · EPSS 0.00739
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/21 7:38 p.m. · 6 views

CVE-2004-2399

Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries...

CVSS 5 · AI score 7 · EPSS 0.00655
Exploits: 0 · References: 1

The Hacker News
added 2025/05/20 10:57 a.m. · 38 views

South Asian Ministries Hit by SideWinder APT Using Old Office Flaws and Custom Malware

High-level government institutions in Sri Lanka, Bangladesh, and Pakistan have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder. "The attackers used spear phishing emails paired with geofenced payloads to ensure that only victims in specific countries...

CVSS 7.8 · AI score 8.2 · EPSS 0.94354
Exploits: 62

The Hacker News
added 2025/03/11 7:00 a.m. · 33 views

SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa

Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates,...

CVSS 7.8 · AI score 8 · EPSS 0.94354
Exploits: 33

Securelist
added 2025/03/10 10:00 a.m. · 36 views

SideWinder targets the maritime and nuclear sectors with an updated toolset

Last year, we published an article about SideWinder, a highly prolific APT group whose primary targets have been military and government entities in Pakistan, Sri Lanka, China, and Nepal. In it, we described activities that had mostly happened in the first half of the year. We tried to draw...

CVSS 7.8 · AI score 7.8 · EPSS 0.94354
Exploits: 33

The Hacker News
added 2024/10/17 10:15 a.m. · 61 views

SideWinder APT Strikes Middle East and Africa With Stealthy Multi-Stage Attack

An advanced persistent threat (APT) actor with suspected ties to India has sprung forth with a flurry of attacks against high-profile entities and strategic infrastructures in the Middle East and Africa. The activity has been attributed to a group tracked as SideWinder, which is also known as...

CVSS 9.3 · AI score 8.8 · EPSS 0.94354
Exploits: 33

Securelist
added 2024/10/15 10:00 a.m. · 90 views

Beyond the Surface: the evolution and expansion of the SideWinder APT group

SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched attacks against high-profile entities in South and Southeast Asia. Its primary targets have been...

CVSS 7.8 · AI score 8.4 · EPSS 0.94354
Exploits: 33

The Hacker News
added 2024/09/26 6:18 a.m. · 30 views

Cloudflare Warns of India-Linked Hackers Targeting South and East Asian Entities

An advanced threat actor with an India nexus has been observed using multiple cloud service providers to facilitate credential harvesting, malware delivery, and command-and-control (C2). Web infrastructure and security company Cloudflare is tracking the activity under the name SloppyLemming, which ...

CVSS 7.8 · AI score 8.1 · EPSS 0.93878
Exploits: 49

The Hacker News
added 2024/07/30 7:32 a.m. · 63 views

New SideWinder Cyber Attacks Target Maritime Facilities in Multiple Countries

The nation-state threat actor known as SideWinder has been attributed to a new cyber espionage campaign targeting ports and maritime facilities in the Indian Ocean and Mediterranean Sea. The BlackBerry Research and Intelligence Team, which discovered the activity, said targets of the spear-phishi...

CVSS 9.3 · AI score 7.8 · EPSS 0.94354
Exploits: 62

The Hacker News
added 2024/07/24 9:43 a.m. · 20 views

Patchwork Hackers Target Bhutan with Advanced Brute Ratel C4 Tool

The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell. The development marks the first time the adversary has been observed using the red teaming...

AI score 7.7
Exploits: 0

Hive Pro Threat Advisories
added 2023/11/22 11:56 a.m. · 27 views

SideWinder’s Nim Backdoor Spells Trouble for South Asian Nations

Summary: SideWinder, also known as Razor Tiger, commenced its offensive operations in 2012 and has recently shifted its focus to targeting Bhutan. It employs deceptive content, ultimately executing the Nim Backdoor. The decoy content utilized in the sample is directly sourced from announcements...

AI score 7.2
Exploits: 0

The Hacker News
added 2023/08/02 7:31 a.m. · 33 views

Iranian Company Cloudzy Accused of Aiding Cybercriminals and Nation-State Hackers

Services offered by an obscure Iranian company known as Cloudzy are being leveraged by multiple threat actors, including cybercrime groups and nation-state crews. "Although Cloudzy is incorporated in the United States, it almost certainly operates out of Tehran, Iran – in possible violation of U....

AI score 7
Exploits: 0

The Hacker News
added 2023/07/31 12:30 p.m. · 19 views

Patchwork Hackers Target Chinese Research Organizations Using EyeShell Backdoor

Threat actors associated with the hacking crew known as Patchwork have been spotted targeting universities and research organizations in China as part of a recently observed campaign. The activity, according to KnownSec 404 Team, entailed the use of a backdoor codenamed EyeShell. Patchwork, also...

AI score 7.1
Exploits: 0

The Hacker News
added 2023/06/20 5:05 a.m. · 30 views

Rogue Android Apps Target Pakistani Individuals in Sophisticated Espionage Campaign

Individuals in the Pakistan region have been targeted using two rogue Android apps available on the Google Play Store as part of a new targeted campaign. Cybersecurity firm Cyfirma attributed the campaign with moderate confidence to a threat actor known as DoNot Team, which is also tracked as...

AI score 7
Exploits: 0

The Hacker News
added 2023/05/17 8:40 a.m. · 28 views

State-Sponsored Sidewinder Hacker Group's Covert Attack Infrastructure Uncovered

Cybersecurity researchers have unearthed previously undocumented attack infrastructure used by the prolific state-sponsored group SideWinder to strike entities located in Pakistan and China. This comprises a network of 55 domains and IP addresses used by the threat actor, cybersecurity companies...

AI score 6.6
Exploits: 0

Hive Pro Threat Advisories
added 2023/05/16 6:27 a.m. · 92 views

Actors, Threats and Vulnerabilities 08 to 14 May 2023

For a detailed threat digest, download the PDF file here. Summary: HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, it identified a total of nine attacks that were executed. Additionally, HiveForce Labs identified four different...

CVSS 9.3 · AI score 7.4 · EPSS 0.94302
Exploits: 30