SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea
July 30, 2024, 4:29 p.m.
Description
BlackBerry's researchers have uncovered a new campaign by the nation-state threat actor SideWinder. The group employs sophisticated techniques, such as carefully crafted phishing emails with visual lures tailored to specific organizations. The campaign aims to compromise ports and maritime facilities in the Indian Ocean and Mediterranean Sea regions for espionage and intelligence gathering. The attack chain exploits vulnerabilities in Microsoft Office and downloads malicious JavaScript payloads from the group's infrastructure. SideWinder continuously evolves its tactics, making it an ongoing threat.
Date
Published: July 30, 2024, 3:39 p.m.
Created: July 30, 2024, 3:39 p.m.
Modified: July 30, 2024, 4:29 p.m.
Indicators
Attack Patterns
SideWinder
T1221
T1480
T1059.007
T1071.001
T1518.001
T1204.002
T1203
T1105
T1047
T1140
T1027
CVE-2017-11882
CVE-2017-0199
Additional Information
Maldives
Egypt
Myanmar
Sri Lanka
Nepal
Bangladesh
Pakistan