SideWinder APT Targets Gov & Maritime Sectors

The state-sponsored threat actor SideWinder has launched a widespread cyber-espionage campaign dubbed "Operation SouthNet." The operation targets government, defense, and maritime entities across multiple nations using a vast network of phishing websites. Attackers leverage free hosting platforms to quickly deploy fake webmail login portals, tricking victims into revealing sensitive credentials. Lure documents are themed around official government business, defense procurement, and diplomatic events to increase their legitimacy. This campaign demonstrates the group's adaptive tactics, including infrastructure recycling and a growing focus on maritime intelligence gathering.

Latest mentioned: 10-07

Earliest mentioned: 10-03

Sources

securityonline.info gbhackers.com cybersum.net

Also Read

WordPress WooCommerce Sites Targeted by Sophisticated Malware

The Wordfence Threat Intelligence Team has uncovered a sophisticated malware campaign targeting WordPress e-commerce sites using the WooCommerce plugin. The malware, disguised as legitimate plugins like 'jwt-log-pro' and 'cron-environment-advanced,' hides malicious payloads inside fake images and evades detection through custom encryption. It logs users with high privileges, intercepts login credentials, and establishes a backdoor for remote command access. The malware is attributed to Magecart Group 12, known for credit card skimming operations. The campaign has compromised over 25,000 IP addresses, primarily in Southeast Asia and North America, with a focus on network video recorders and routers.

10-31Read more →