SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa

Mar 11, 2025Ravie LakshmananCyber Espionage / Maritime Security

Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder.

The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy infrastructure in South Asia and Africa, as well as telecommunication, consulting, IT service companies, real estate agencies, and hotels.

In what appears to be a wider expansion of its victimology footprint, SideWinder has also targeted diplomatic entities in Afghanistan, Algeria, Bulgaria, China, India, the Maldives, Rwanda, Saudi Arabia, Turkey, and Uganda. The targeting of India is significant as the threat actor was previously suspected to be of Indian origin.

“It is worth noting that SideWinder constantly works to improve its toolsets, stay ahead of security software detections, extend persistence on compromised networks, and hide its presence on infected systems,” researchers Giampaolo Dedola and Vasily Berdnikov said, describing it as a “highly advanced and dangerous adversary.”

SideWinder was previously the subject of an extensive analysis by the Russian cybersecurity company in October 2024, documenting the threat actor’s use of a modular post-exploitation toolkit called StealerBot to capture a wide range of sensitive information from compromised hosts. The hacking group’s targeting of the maritime sector was also highlighted by BlackBerry in July 2024.

The latest attack chains align with what has been reported before, with the spear-phishing emails acting as a conduit to deliver booby-trapped documents that leveraged a known security vulnerability in Microsoft Office Equation Editor (CVE-2017-11882) in order to activate a multi-stage sequence, which in turn, employs a .NET downloader named ModuleInstaller to ultimately launch StealerBot.

Kaspersky said some of the lure documents are related to nuclear power plants and nuclear energy agencies, while others included content referencing maritime infrastructures and various port authorities.

“They are constantly monitoring detections of their toolset by security solutions,” Kaspersky said. “Once their tools are identified, they respond by generating a new and modified version of the malware, often in under five hours.”

“If behavioral detections occur, SideWinder tries to change the techniques used to maintain persistence and load components. Additionally, they change the names and paths of their malicious files.”

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!