
SideWinder Attackers Target Nuclear Facilities

Spear-phishing emails that appear to concern regulatory or plant-specific matters were used.

The threat actor SideWinder has been detected attacking nuclear facilities in South Asia.

According to research by Kaspersky, the group crafts convincing spear-phishing emails that appear to concern regulatory or plant-specific matters. Once opened, these documents initiate an exploitation chain that can grant attackers access to nuclear facilities’ operational data, research projects and personnel details.

Researchers Giampaolo Dedola and Vasily Berdnikov said that SideWinder constantly works to improve its toolsets, stay ahead of security software detections, extend persistence on compromised networks, and hide its presence on infected systems.

“Based on our observation of the group’s activities, we presume they are constantly monitoring detections of their toolset by security solutions,” they said. “Once their tools are identified, they respond by generating a new and modified version of the malware, often in under five hours.

“If behavioural detections occur, SideWinder tries to change the techniques used to maintain persistence and load components. Additionally, they change the names and paths of their malicious files.”

According to Kaspersky’s research, SideWinder started operations in 2012 and over the years has primarily targeted military and government entities in Pakistan, Sri Lanka, China, and Nepal, as well as other sectors and countries in South and Southeast Asia.

Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
