55 fake websites recreated with high fidelity - the hackers are determined.
According to a joint report by Group-IB and Bridewell, the hacker group SideWinder, allegedly backed by the Indian government, is using a new attack infrastructure to carry out targeted cyber strikes against targets in Pakistan and China.
According to the researchers, hackers have registered 55 domains that mimic various organizations in the areas of news, government, telecommunications and finance.
"The identified phishing domains mimic various organizations in the news, government, telecommunications and finance sectors," the researchers said.
The SideWinder group has been active since at least 2012. It relies predominantly on targeted spear-phishing emails to gain initial access to the networks it pursues. Its target set is believed to align with Indian intelligence interests, with Pakistan, China, Sri Lanka, Afghanistan, Bangladesh, Myanmar, the Philippines, Qatar and Singapore being the most frequently attacked countries.
In February 2023, Group-IB presented evidence that SideWinder may have attacked 61 government, military, law enforcement and other organizations across Asia in the second half of 2022. More recently, the group has been seen using a technique called "Server-Based Polymorphism" in stealth attacks against Pakistani government organizations.
The domains registered by the attackers imitate government organizations in Pakistan, China and India. Many of them hosted government-themed lure documents whose purpose is to download the next-stage payload to the target device.
During the investigation, the researchers identified many malicious files involved in the infection chain. Among them are Microsoft Word documents purporting to come from the Pakistan Naval College; malicious Windows shortcuts (".lnk") that launch malicious HTML Application (".hta") files; and fake Android mobile apps.
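As an added example (not from the report or from the researchers), the following Python parser reads the MS-SHLLINK layout to pull the target path and arguments out of a .lnk file and flags shortcuts that chain into a script host such as mshta.exe or reference an .hta; the test shortcut, its relative path and its placeholder URL are constructed here rather than taken from the campaign.

```python
import struct

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
# LinkFlags bits (MS-SHLLINK 2.1.1) that decide which sections follow the header
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_FIELDS = [(HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"), (HAS_WORK_DIR, "working_dir"),
                 (HAS_ARGS, "arguments"), (HAS_ICON, "icon_location")]
# Script hosts a shortcut can chain into; mshta.exe is the host that runs .hta files
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe", "cmd.exe", "rundll32.exe"}

def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields of a .lnk file following the MS-SHLLINK layout."""
    if len(data) < LNK_HEADER_SIZE or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_ID_LIST:      # IDListSize (2 bytes) followed by the item IDs
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:    # LinkInfoSize (4 bytes) counts itself
        pos += struct.unpack_from("<I", data, pos)[0]
    width = 2 if flags & IS_UNICODE else 1
    fields = {}
    for bit, name in STRING_FIELDS:  # CountCharacters + characters, no terminator
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            raw = data[pos + 2:pos + 2 + count * width]
            fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252")
            pos += 2 + count * width
    return fields

def shortcut_findings(fields: dict) -> list:
    """Flag shortcuts that target a script host or whose arguments fetch an HTA."""
    findings = []
    target = fields.get("relative_path", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if target in SCRIPT_HOSTS:
        findings.append(f"target is script host {target}")
    args = fields.get("arguments", "").lower()
    if ".hta" in args:
        findings.append("arguments reference an HTML application")
    if "http://" in args or "https://" in args:
        findings.append("arguments contain a remote URL")
    return findings

def build_test_lnk(relative_path: str, arguments: str) -> bytes:
    """Constructed test sample: a minimal Unicode .lnk carrying only RELATIVE_PATH and ARGUMENTS."""
    flags = HAS_REL_PATH | HAS_ARGS | IS_UNICODE
    header = struct.pack("<I16sI", LNK_HEADER_SIZE, LNK_CLSID, flags) + bytes(LNK_HEADER_SIZE - 24)
    return header + b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (relative_path, arguments))
```

On a real shortcut, parse_lnk also skips the LinkTargetIDList and LinkInfo sections when their flags are set, so the same function can be pointed at files collected from a mailbox or endpoint.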
Overall, the phishing domains used in this malicious campaign indicate that SideWinder is targeting media, financial, government, law enforcement, and e-commerce companies in Pakistan and China.