
SideWinder Hits Maritime and Nuclear Sectors

March 11, 2025

SideWinder, an advanced persistent threat (APT) group, has been targeting maritime and logistics companies across South and Southeast Asia, the Middle East, and Africa. The attacks, observed by Kaspersky in 2024, have affected countries including Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. The group has also expanded its focus to nuclear power plants and nuclear energy infrastructure in South Asia and Africa. In addition to maritime and logistics companies, other sectors such as telecommunications, IT service firms, real estate agencies, and hotels have also been affected by these cyberattacks. The widespread nature of these attacks underscores the group’s strategic targeting of critical infrastructure and businesses in key regions.

Recently, SideWinder has expanded its victimology footprint to include diplomatic entities in various countries, including Afghanistan, Algeria, Bulgaria, China, India, the Maldives, Rwanda, Saudi Arabia, Turkey, and Uganda. The group's targeting of India is particularly noteworthy, as the group had previously been suspected to be of Indian origin. Its ability to target such a wide range of organizations, from government entities to private-sector companies, highlights its diverse and strategic objectives. Researchers from Kaspersky noted that SideWinder is a highly advanced and dangerous adversary that continuously adapts its tactics and improves its toolsets to evade detection and remain persistent within compromised networks.

SideWinder’s attack methods are sophisticated, beginning with spear-phishing emails designed to deliver malicious documents to their targets.

These documents often exploit a known vulnerability in Microsoft Office Equation Editor, CVE-2017-11882, to trigger a multi-stage attack sequence. The sequence uses a .NET downloader named ModuleInstaller to deploy the StealerBot toolkit, which captures sensitive information from compromised hosts. Some of the lure documents used in these campaigns are specifically related to nuclear power plants, nuclear energy agencies, and maritime infrastructure, including port authorities.

This specialized targeting suggests that SideWinder has a clear focus on sectors critical to national security and international trade.

Kaspersky researchers have observed that SideWinder continuously monitors its toolset for any detection by security solutions and responds quickly by modifying its malware. If a particular tool or technique is identified, the group generates new versions of the malware within hours, allowing it to maintain its operations without disruption. Additionally, if behavioral detections occur, SideWinder adapts by altering its techniques to maintain persistence on compromised systems. The group frequently changes the names and paths of its malicious files to evade detection. This constant adaptation makes SideWinder one of the most persistent and evasive APT groups, capable of continuing its cyberattacks for long periods without being noticed.
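Because the group renames and relocates its files, a detection for the Equation Editor stage described above is more durable when it keys on the parent process rather than on the dropped file's name or path. The following is an added example, not code from this article or from Kaspersky: it assumes Sysmon-style process-creation fields exported as JSON lines, relies on `EQNEDT32.EXE` being the Equation Editor executable, and runs over constructed sample events with made-up host and file names.

```python
import json
import ntpath

EQUATION_EDITOR = "eqnedt32.exe"

# Constructed sample events, not real telemetry. Field names follow the
# Sysmon process-creation layout (assumption); child file names are made up.
SAMPLE_EVENTS = r"""
{"UtcTime":"2025-03-01 08:14:02","Computer":"PORT-OPS-07","Image":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","ParentImage":"C:\\Windows\\explorer.exe"}
{"UtcTime":"2025-03-01 08:14:05","Computer":"PORT-OPS-07","Image":"C:\\Program Files\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE","ParentImage":"C:\\Windows\\System32\\svchost.exe"}
{"UtcTime":"2025-03-01 08:14:06","Computer":"PORT-OPS-07","Image":"C:\\Users\\a\\AppData\\Local\\Temp\\updsvc.exe","ParentImage":"C:\\Program Files\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE"}
{"UtcTime":"2025-03-02 11:40:31","Computer":"NPP-HR-02","Image":"C:\\ProgramData\\kb\\hostcfg.exe","ParentImage":"c:\\program files (x86)\\common files\\microsoft shared\\equation\\eqnedt32.exe"}
truncated-line-from-log-shipper
"""


def _name(path):
    """Lower-cased file name of a Windows path, whatever OS this runs on."""
    return ntpath.basename(path or "").lower()


def detect(lines):
    """Return (findings, skipped) for an iterable of JSON process events."""
    findings, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1  # one bad record must not hide the rest
            continue
        if not isinstance(ev, dict):
            skipped += 1
            continue
        # The child's own name and path are ignored on purpose: they change.
        if _name(ev.get("ParentImage")) == EQUATION_EDITOR:
            severity, why = "high", "process spawned by Equation Editor"
        elif _name(ev.get("Image")) == EQUATION_EDITOR:
            severity, why = "medium", "Equation Editor launched"
        else:
            continue
        findings.append({"severity": severity, "reason": why,
                         "host": ev.get("Computer"), "time": ev.get("UtcTime"),
                         "image": ev.get("Image")})
    return findings, skipped
```

Both constructed child processes are flagged despite having different names and locations, and the unparseable record is counted rather than silently dropped.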

Reference:
  • SideWinder APT Expands Attacks on Maritime Logistics and Nuclear Sectors Worldwide