One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 2181207 |
| Date de publication | 2021-01-13 11:00:00 (vue: 2021-01-13 11:05:27) |
| Titre | A Global Perspective of the SideWinder APT |
| Texte |
AT&T Alien Labs has conducted an investigation on the adversary group publicly known as SideWinder in order to historically document its highly active campaigns and identify a more complete picture of targets, motivations, and objectives. Through our investigation, we have uncovered a collection of activity targeting government and business throughout South Asia and East Asia spanning many years. Our findings are primarily focused on activity since 2017, however the group has been reportedly operating since at least 2012.
Alien Labs along with other security researchers have assessed with low to medium confidence that the group is operates in support of India political interests based on targets, campaign timelines, technical characteristics of command and control (C2) infrastructure and malware, association with other known India interest APTs, in addition to past cyber threat intelligence reporting and our private telemetry.
SideWinder is a highly active adversary primarily making use of email spear phishing, document exploitation, and DLL Side Loading techniques to evade detection and to deliver targeted implants. The adversary activity remains at a consistent rate and AT&T Alien Labs recommends the deployment of detections and retrospective analysis of shared indicators of compromise (IOCs) for past undetected activity. In this report we are providing a timeline of known campaigns and their associated IOCs, in addition to a large number of campaigns/IOCs which have not been previously reported or publicly identified.
Full reports and IOCs are available here.
      |
| Envoyé | Oui |
| Condensat | 2012 2017 active activity addition adversary alien along analysis apt apts are asia assessed associated association at&t available based been business campaign campaigns campaigns/iocs characteristics collection command complete compromise conducted confidence consistent control cyber deliver deployment detection detections dll document east email evade exploitation findings focused full global government group has have here highly historically however identified identify implants india indicators infrastructure intelligence interest interests investigation iocs its known labs large least loading low making malware many medium more motivations not number objectives operates operating order other past perspective phishing picture political previously primarily private providing publicly rate recommends remains report reported reportedly reporting reports researchers retrospective security shared side sidewinder since south spanning spear support targeted targeting targets technical techniques telemetry threat through throughout timeline timelines uncovered undetected use which years |
| Tags | Threat |
| Stories | APT-C-17 |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.