SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats

A threat actor known as SideWinder has targeted diplomatic entities, including an Indian embassy and organizations across South Asia, with evolving malware deployment tactics. Their campaigns involve sophisticated phishing using PDF and Word documents to deliver modular malware for espionage activities. #SideWinder #ModuleInstaller #StealerBot #NewDelhiEmbassy #SouthAsiaThreats

Keypoints

  • SideWinder launched multi-wave spear-phishing campaigns against diplomatic targets in South Asia in 2025.
  • The group has adopted new infection techniques using PDF and ClickOnce-based attack chains.
  • Malware families like ModuleInstaller and StealerBot are used for system profiling and data theft.
  • The attack payloads rely on legitimate applications with valid signatures for evasion.
  • Phishing emails often mimic official government domains to lure victims into downloading malicious files.

Read More: https://thehackernews.com/2025/10/sidewinder-adopts-new-clickonce-based.html