Cyber Threat Alert: Ongoing Phishing Campaign Targeting Bangladesh

Published on 04-Jan-2024 12:48:00

TLP: CLEAR

Distribution: Public

Type of Threat: Ongoing Phishing Campaign Targeting Bangladesh

Date: 04 January 2024

Executive Summary

The Cyber Threat Intelligence Unit of BGD e-GOV CIRT has detected a suspicious ongoing phishing campaign by the APT group known as SideWinder, targeted at Bangladeshi entities such as the Bangladesh Armed Forces Division (AFD) and Law Enforcement Agencies. The group is a highly active threat actor that has shown the capability to conduct several attacks within a short time span and poses a threat to organizations in South and East Asia. This alert includes an extensive list of IOCs and the group's TTPs to help Bangladeshi organizations take preventive security measures accordingly. In the primary investigation we noticed that the main objective of this APT group is to steal sensitive, confidential and classified documents.

Fig 1: Threat model of SideWinder APT group


Sources of Alert: Threat intelligence research

Research Conducted by: Cyber Threat Intelligence Unit, BGD e-GOV CIRT

Threat level: High

Associated Malware/ Tools/ Techniques: Spear phishing attachment/ links, document exploitation, DLL Side Loading

Targeted Organization: Government, Defense and Law Enforcement Agencies

Attack Surface: Windows and Android systems

Threat Index

In coordination with threat intelligence sources, peer organizations' feeds and OSINT assessments, BGD e-GOV CIRT has identified the following attributes, IOCs and other associated information about the group's persistent activities.

Threat Actor

The threat actor behind the phishing campaign is known as ‘Sidewinder’. The group is identified as a prolific nation-state group that has been active since at least 2012. It has been observed to primarily use spear phishing attacks as a method of gaining entry to targets such as government, military, and business entities throughout Asia, focusing primarily on Pakistan, China, Nepal, Afghanistan, Bangladesh, Myanmar, Philippines, Qatar, Singapore and Turkey.

Threat motives

Sensitive, Confidential and Classified information theft and cyber espionage.

Alias

RAZOR TIGER, Rattlesnake, APT-C-17, T-APT-04, Hardcore Nationalist (HN2)

Target Sectors

Government, Military, Law enforcement, HealthCare, Telecommunication, Financial Institutions, News and Media

Target Countries

Afghanistan, Armenia, China, Bangladesh, Belarus, Bhutan, Brazil, China, India, Israel, Kazakhstan, Kyrgyzstan, Mexico, Moldova, Myanmar, Nepal, Pakistan, Philippines, Poland, Qatar, Russian Federation, Saudi Arabia, Singapore, Sri Lanka, Tajikistan, Thailand, Turkey, Turkmenistan, Ukraine, Uzbekistan
