SideWinder Hits Maritime and Nuclear Sectors

March 11, 2025

SideWinder, an advanced persistent threat (APT) group, has been targeting maritime and logistics companies across South and Southeast Asia, the Middle East, and Africa. The attacks, observed by Kaspersky in 2024, have affected countries including Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. The group has also expanded its focus to nuclear power plants and nuclear energy infrastructure in South Asia and Africa. In addition to maritime and logistics companies, other sectors such as telecommunications, IT service firms, real estate agencies, and hotels have also been affected by these cyberattacks. The widespread nature of these attacks underscores the group’s strategic targeting of critical infrastructure and businesses in key regions.

Recently, SideWinder has expanded its victimology footprint to include diplomatic entities in various countries, including Afghanistan, Algeria, Bulgaria, China, India, the Maldives, Rwanda, Saudi Arabia, Turkey, and Uganda. The group’s activities targeting India are particularly noteworthy, as it had previously been suspected to be of Indian origin. The group’s ability to target such a wide range of organizations, from government entities to private-sector companies, highlights its diverse and strategic objectives. Researchers from Kaspersky noted that SideWinder is a highly advanced and dangerous adversary that continuously adapts its tactics and improves its toolsets to evade detection and remain persistent within compromised networks.

SideWinder’s attack methods are sophisticated, beginning with spear-phishing emails designed to deliver malicious documents to their targets.

These documents often exploit known vulnerabilities in Microsoft Office Equation Editor, specifically CVE-2017-11882, to trigger a multi-stage attack sequence. The sequence uses a .NET downloader named ModuleInstaller to deploy the StealerBot toolkit, which captures sensitive information from compromised hosts. Some of the lure documents used in these campaigns are specifically related to nuclear power plants, nuclear energy agencies, and maritime infrastructure, including port authorities.

This specialized targeting suggests that SideWinder has a clear focus on sectors critical to national security and international trade.
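The behaviour described above (an Office document exploiting CVE-2017-11882, then a downloader stage) leaves a process-lineage trace that defenders can alert on. The following is an added example, not code from the article or from Kaspersky's report: it relies on the known fact that the Office Equation Editor runs as the separate binary EQNEDT32.EXE, and it flags any process that binary spawns, keyed on the parent image rather than on child file names or paths, so the renaming evasion described later in the article does not help the attacker. The sample events are constructed.

```python
# Added example (not from the article or Kaspersky's report): flags the
# CVE-2017-11882 exploitation pattern by process lineage instead of file names.
# Fact relied on: the Office Equation Editor is EQNEDT32.EXE and is normally
# started out-of-process by DCOM, so its parent is typically svchost.exe.
# All sample events below are constructed, not real telemetry.
from dataclasses import dataclass
from typing import Iterable, List


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str         # full path of the created process
    parent_image: str  # full path of the parent process


EQUATION_EDITOR = "eqnedt32.exe"


def _basename(path: str) -> str:
    """Case-insensitive file name of a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def find_equation_editor_children(events: Iterable[ProcEvent]) -> List[ProcEvent]:
    """Return every process whose parent is the Equation Editor.

    EQNEDT32.EXE only renders equations and should not normally spawn child
    processes; after CVE-2017-11882 the shellcode launches the next stage
    (the article's .NET downloader).  Matching on the parent image, not on
    the child's name or location, is robust to renamed or relocated payloads.
    """
    return [e for e in events if _basename(e.parent_image) == EQUATION_EDITOR]


# Constructed sample: a normal Word session, the Equation Editor started by
# DCOM (benign on its own), and the Equation Editor spawning a dropped binary
# under a made-up, innocuous-looking name (the pattern to alert on).
SAMPLE_EVENTS = [
    ProcEvent(4100, 812, r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
              r"C:\Windows\explorer.exe"),
    ProcEvent(4188, 960, r"C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
              r"C:\Windows\System32\svchost.exe"),
    ProcEvent(4220, 4188, r"C:\Users\alice\AppData\Roaming\Vendor\update.exe",
              r"C:\Program Files (x86)\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE"),
    ProcEvent(4300, 4100, r"C:\Windows\System32\notepad.exe",
              r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"),
]

if __name__ == "__main__":
    for hit in find_equation_editor_children(SAMPLE_EVENTS):
        print(f"ALERT pid={hit.pid} spawned by Equation Editor: {hit.image}")
```

On real telemetry the same function runs over Sysmon event ID 1 or EDR process-creation records mapped into `ProcEvent`.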

Kaspersky researchers have observed that SideWinder continuously monitors its toolset for detection by security solutions and responds quickly by modifying its malware. If a particular tool or technique is identified, the group generates new versions of the malware within hours, allowing it to maintain its operations without disruption. If behavioral detections occur, SideWinder adapts by altering its techniques to maintain persistence on compromised systems, and it frequently changes the names and paths of its malicious files to evade detection. This constant adaptation makes SideWinder one of the most persistent and evasive APT groups, capable of continuing its cyberattacks for long periods without being noticed.

Reference:
  • SideWinder APT Expands Attacks on Maritime Logistics and Nuclear Sectors Worldwide