SideWinder targets Pakistan with new espionage tool
SideWinder, also known as T-APT-04 or 'RattleSnake', is one of the most prolific APT groups, having commenced operations in 2012.
Over the years, the group has primarily targeted military and government entities in Pakistan, Sri Lanka, China and Nepal as well as other sectors and countries in South and Southeast Asia.
Its other targets include logistics and infrastructure, telecommunications companies, financial institutions, universities and oil trading companies.
Recently, Kaspersky Global Research and Analysis Team (GReAT) detected that the SideWinder APT group is expanding its attack operations into the Middle East and Africa, utilizing a previously unknown espionage toolkit called 'StealerBot'.
StealerBot is an advanced modular implant designed specifically for espionage activities. Kaspersky discovered that recent campaigns have been targeting high-profile entities and strategic infrastructure in these regions; the campaign as a whole remains active and may extend to other victims.
During its latest investigation, Kaspersky observed that 'StealerBot' is performing a range of malicious activities, such as installing additional malware, capturing screenshots, logging keystrokes, stealing passwords from browsers, intercepting RDP (Remote Desktop Protocol) credentials, exfiltrating files, and more.
"In essence, 'StealerBot' is a stealthy espionage tool that allows threat actors to spy on systems while avoiding easy detection and operates through a modular structure, with each component designed to perform a specific function," Giampaolo Dedola, lead security researcher at Kaspersky's GReAT, said.
"Notably, these modules never appear as files on the system's hard drive, as instead they are loaded directly into memory, making them difficult to trace."