SideWinder APT Group Uses PDF and ClickOnce for Espionage

The SideWinder APT group has conducted a sophisticated espionage campaign targeting multiple diplomatic entities. The campaign features a novel PDF and ClickOnce-based infection chain to deliver custom malware for intelligence collection. The phishing waves distributed SideWinder’s signature espionage tools through fake PDF and Word documents. The malware uses geofencing and dynamic URL generation to evade detection, aligning with SideWinder’s historic patterns.

Latest mentioned: 10-28

Earliest mentioned: 10-23

Sources

securityonline.info gbhackers.com cybersum.net

Also Read

WordPress WooCommerce Sites Targeted by Sophisticated Malware

The Wordfence Threat Intelligence Team has uncovered a sophisticated malware campaign targeting WordPress e-commerce sites using the WooCommerce plugin. The malware, disguised as legitimate plugins like 'jwt-log-pro' and 'cron-environment-advanced,' hides malicious payloads inside fake images and evades detection through custom encryption. It logs users with high privileges, intercepts login credentials, and establishes a backdoor for remote command access. The malware is attributed to Magecart Group 12, known for credit card skimming operations. The campaign has compromised over 25,000 IP addresses, primarily in Southeast Asia and North America, with a focus on network video recorders and routers.

10-31Read more →