
SideWinder targets the maritime and nuclear sectors with an updated toolset

NetmanageIT OpenCTI



The SideWinder APT group intensified its activities in the second half of 2024, targeting maritime infrastructure, logistics companies, and nuclear sectors across Asia, the Middle East, and Africa. The group updated its toolset, including improvements to its RTF exploit, JavaScript loader, and Backdoor Loader. SideWinder's infection chain begins with spear-phishing emails containing malicious DOCX files and exploits CVE-2017-11882 to deliver a multi-stage payload. The group demonstrated agility in evading detection, often updating its tools within hours of their being identified. Notable targets included government entities, military installations, and diplomatic missions, with an increased focus on maritime and nuclear-related organizations.


Tags: apt, spear-phishing, javascript, cve-2017-11882, africa, maritime, south asia, stealerbot, rtf exploit, nuclear, downloader module, backdoor loader, module installer
