Ports And Maritime Facilities Targeted By SideWinder APT Group

The SideWinder APT group has launched a campaign targeting ports and maritime facilities in the Indian Ocean and the Mediterranean Sea. Using upgraded infrastructure and different tactics, SideWinder sent phishing emails with highly specific themes and copied organizational logos to deliver malicious documents and obfuscated JavaScript code. The campaign, conducted for espionage and intelligence gathering, targeted Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal and the Maldives. The attackers exploited the known Microsoft Office vulnerability CVE-2017-0199 to gain initial access via remote template injection. Shellcode then checked that the host was a physical machine rather than a virtual machine, a common sandbox-evasion step, before the actual payloads were deployed. SideWinder also made use of Tor nodes and layered domain structures to obfuscate its infrastructure and maintain persistence.
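The remote template injection named above works because a .docx can declare an "attached template" whose location is a URL; Word fetches it when the document opens, and the fetched file carries the next stage. That makes the relationship part inside the .docx zip a good place to look when triaging a suspected lure. The following scanner is an added example written for this page; it is not the article's code or SideWinder's tooling, and the sample documents it builds (including the example.invalid URL) are constructed inline purely to exercise the check.

```python
"""
Scan a .docx for a network-hosted attached template, the remote template
injection initial-access step described above. Added illustrative example:
not the original article's code, not SideWinder's tooling. The sample .docx
files are constructed in memory for demonstration.
"""
import io
import sys
import zipfile
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# OPC relationships namespace used by every *.rels part inside a .docx.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
# Relationship type Word follows when a document carries an attached template.
ATTACHED_TEMPLATE_TYPE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
# .rels parts worth inspecting; settings.xml.rels is where the template link normally lives.
RELS_PARTS = ("word/_rels/settings.xml.rels", "word/_rels/document.xml.rels")
# Schemes that mean Word will reach out over the network when the file is opened.
NETWORK_SCHEMES = ("http", "https", "ftp")


def find_remote_templates(docx_bytes: bytes) -> List[Tuple[str, str]]:
    """Return (rels_part, target) pairs for every external attachedTemplate
    relationship whose Target is a network URL. A local template reference
    (file:// or a plain path) is normal Word behaviour and is not reported."""
    hits: List[Tuple[str, str]] = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        names = set(zf.namelist())
        for part in RELS_PARTS:
            if part not in names:
                continue
            root = ET.fromstring(zf.read(part))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("Type") != ATTACHED_TEMPLATE_TYPE:
                    continue
                if rel.get("TargetMode") != "External":
                    continue
                target = rel.get("Target", "")
                if urlparse(target).scheme.lower() in NETWORK_SCHEMES:
                    hits.append((part, target))
    return hits


def build_sample_docx(template_target: Optional[str]) -> bytes:
    """Construct a minimal .docx in memory (constructed test input, not a real
    lure). When template_target is given, settings.xml.rels points at it as an
    external attached template, exactly the shape remote template injection uses."""
    content_types = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
        '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
        '<Default Extension="xml" ContentType="application/xml"/>'
        '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        '<Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/>'
        "</Types>"
    )
    document = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        "<w:body><w:p><w:r><w:t>Port notice (constructed lure text)</w:t></w:r></w:p></w:body>"
        "</w:document>"
    )
    settings = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        + ('<w:attachedTemplate r:id="rId1"/>' if template_target is not None else "")
        + "</w:settings>"
    )
    rels = '<?xml version="1.0" encoding="UTF-8"?><Relationships xmlns="%s">' % REL_NS
    if template_target is not None:
        rels += (
            '<Relationship Id="rId1" Type="%s" Target="%s" TargetMode="External"/>'
            % (ATTACHED_TEMPLATE_TYPE, template_target)
        )
    rels += "</Relationships>"

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", content_types)
        zf.writestr("word/document.xml", document)
        zf.writestr("word/settings.xml", settings)
        zf.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python scan_docx.py suspicious.docx  (scans a file on disk)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        # No file given: scan a constructed sample carrying a network template.
        data = build_sample_docx("http://example.invalid/templates/notice.dotm")
    for part, target in find_remote_templates(data):
        print(f"remote attached template in {part}: {target}")
```

Only the attachedTemplate relationship with an external, network-scheme target is flagged; a corporate template on a file share or a local path stays quiet, which keeps the check usable on a mail gateway without drowning analysts in normal Word documents. The check is by design narrow: it does not cover the OLE-link and HTA-handling side of CVE-2017-0199, only the attached-template route the article attributes to this campaign.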