SideWinder is one of the most prolific cyber crime groups in the world, and it has mostly flown under the radar despite its large attack volume. Much of its activity suggest that this group is aligned with India, with some positing that it might be actively sponsored by the Indian state because of the fact that this is the sort of thing that could potentially end up explaining some of its activities and attack patterns.
Research conducted by Group-IB just revealed that Sidewinder has been trying to target Pakistani government and military officials with phishing attacks. Pakistan has been one of the biggest targets for this group, and with all of that having been said and now out of the way it is important to note that this latest attack involved a fake VPN that was available on the Google Play Store.
The threat actor is currently running a domain that poses as an official Pakistani government website where many prominent Pakistani politicians and figures are being impersonated with all things having been considered and taken into account. Interestingly, this site as well as various fake Covid vaccine links that the malicious cybercrime group has been posting on Facebook have scripts that prevent users from a non-Pakistani IP address from accessing them, instead redirecting them to an actual government webpage.
SideWinder has not only targeted Pakistan with almost every country in the South and Southeast Asian region seeing some form of attack be it economic or military. In spite of the fact that this is the case, Pakistani targets have borne the brunt of their assault, and this is suggesting a concerning trend in which state sponsored cyber terrorism is becoming more mainstream.
Much of the discussion surrounding state sponsored hackers focuses on Russian and Chinese groups, and that has led to this Indian group getting less attention perhaps because its targets are not in the west. With this group’s attacks increasing in quantity and severity, the situation might soon get out of hand. Basic education needs to be given to prevent phishing attacks from having an effect.
Read next: ChromeLoader is Way More Dangerous Than the Average Browser Hijacker, Here’s Why
Research conducted by Group-IB just revealed that Sidewinder has been trying to target Pakistani government and military officials with phishing attacks. Pakistan has been one of the biggest targets for this group, and with all of that having been said and now out of the way it is important to note that this latest attack involved a fake VPN that was available on the Google Play Store.
The threat actor is currently running a domain that poses as an official Pakistani government website where many prominent Pakistani politicians and figures are being impersonated with all things having been considered and taken into account. Interestingly, this site as well as various fake Covid vaccine links that the malicious cybercrime group has been posting on Facebook have scripts that prevent users from a non-Pakistani IP address from accessing them, instead redirecting them to an actual government webpage.
SideWinder has not only targeted Pakistan with almost every country in the South and Southeast Asian region seeing some form of attack be it economic or military. In spite of the fact that this is the case, Pakistani targets have borne the brunt of their assault, and this is suggesting a concerning trend in which state sponsored cyber terrorism is becoming more mainstream.
Much of the discussion surrounding state sponsored hackers focuses on Russian and Chinese groups, and that has led to this Indian group getting less attention perhaps because its targets are not in the west. With this group’s attacks increasing in quantity and severity, the situation might soon get out of hand. Basic education needs to be given to prevent phishing attacks from having an effect.
Read next: ChromeLoader is Way More Dangerous Than the Average Browser Hijacker, Here’s Why