• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Kimsuky APT Group – Active IOCs
September 16, 2022
Rewterz Threat Upate – Uber Hacked, Internal Systems, Confidential Documents, & Vulnerability Reports Were Compromised
September 16, 2022

Rewterz Threat Alert – APT SideWinder Group Targeting Pakistani Telecom – Active IOCs

September 16, 2022

Severity

High

Analysis Summary

Sidewinder is a suspected Indian threat actor group that has been active since 2012. They have been observed attacking political, military, and corporate organizations throughout Asia, with Pakistan, China, Nepal, and Afghanistan being the most common targets. RAZOR TIGER, Rattlesnake, APT-C-17, and T-APT-04 are the aliases for Sidewinder APT. This APT has been targeting Pakistani government officials with a decoy file related to FOCUSED TALK ON RUSSIAN UKRAINE CONFLICT IMPACT ON PAKISTAN. They employ custom implementations to attack existing vulnerabilities and then deploy a Powershell payload in the final stages to distribute the malware. Sidewinder was also detected employing credential phishing sites that were copied from their victims’ webmail login pages.

In June, 2022, researchers discovered a new malicious infrastructure and a custom tool of the APT group SideWinder (aka Rattlesnake, Hardcore Nationalist, RAZOR TIGER, T-APT-04, and APT-C-17), a threat actor originating from India and particularly targeting Pakistan. SideWinder.AntiBot.Script, a newly found bespoke tool, was utilized in a phishing attack against Pakistani targets.

In July, cyberattacks by Sidewinder APT targeted Pakistani military targets. According to researchers, the Pakistan Air Force Headquarters was the target of the latest Sidewinder strike. While malware file analysis on Virus Total frequently exposes the identification of the attack campaign’s targets, it is unusual to find proof that the attack was successful.

Recently, this group was observed targeting the Pakistani telecom sector with a malicious doc named: Circular 31082022.docx – 

Impact

Gain access

Indicators of Compromise

Domain Name

  • mofadividion[.]ptcl-gov[.]com

MD5

  • 056d1dc3032d04d7638c02056d5146c9

SHA-256

  • 53cc8f46f10e4b3958834d75b15db3aa0d8c86a63b8bd3e6ac180c05ce27d748

SHA1

  • 45ecc1c56886dd29cdc7557dd8f5954f999f56a8

URL

  • https[:]//mofadividion[.]ptcl-gov[.]com/5724/1/3268/2/0/0/0/m/files-11e30891/file[.]rtf

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.