Tag: south asia

4 Attack Reports | 0 Vulnerabilities

Attack reports

SideWinder targets the maritime and nuclear sectors with an updated toolset

The SideWinder APT group intensified its activities in the second half of 2024, targeting maritime infrastructures, logistics companies, and nuclear sectors across Asia, the Middle East, and Africa. The group updated its toolset, including improvements to its RTF exploit, JavaScript loader, and Bac…

downloader module

backdoor loader

module installer

Published: March 10, 2025

Downloadable IOCs: 38

CL-STA-0048: An Espionage Operation Against High-Value Targets in South Asia

A sophisticated cyberespionage campaign targeting high-value entities in South Asia, particularly a telecommunications organization, has been identified. The threat actor, tracked as CL-STA-0048, employed rare techniques like 'Hex Staging' for payload delivery and DNS-based data exfiltration. The o…

Published: January 30, 2025

Downloadable IOCs: 21

Hidden in Plain Sight: New Attack Chain Delivers Espionage RATs

An advanced persistent threat group, TA397, targeted a Turkish defense organization with a sophisticated attack chain. The campaign used a RAR archive containing a decoy PDF, a shortcut file, and an Alternate Data Stream with PowerShell code. The infection process involved creating a scheduled task…

scheduled tasks

alternate data streams

Published: December 17, 2024

Downloadable IOCs: 0

Credential Phishing Pages Mimicking Legitimate Webmail Login Portals

Since August 2024, an India-linked threat actor has been targeting entities in China and South Asia using credential phishing pages that mimic legitimate webmail login portals. The campaign primarily focuses on government and defense sectors. The phishing domains share common characteristics, inclu…

domain spoofing

credential phishing

Published: September 18, 2024

Downloadable IOCs: 20

Click here to see more Attack Reports