Hackers Target Maritime Facilities With Malware

Researchers have uncovered a new cyber attack campaign believed to originate from India, that has been active since 2012, which uses spear-phishing to deliver malicious payloads that trigger the attack chains. 

This campaign is attributed to a nation-state advanced persistent threat group (APT) known as SideWinder, which is though the be behind an  espionage campaign targeting ports and maritime facilities in the Indian Ocean and the Mediterranean.

Also known as Rattlesnake and Razor Tiger, SideWinder has been active since at least 2012, mainly targeting government, military, and businesses for the purpose of cyber espionage.

The Research & Intelligence Team at BlackBerry say that targets of the spear-phishing campaign include countries like Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and the Maldives and is assessed to be affiliated with India. 

The latest set of attacks employs baited-traps on topics related to sexual harassment, employee termination and salary cuts in order to trick recipients into opening decoy MS Word documents. 

Once the decoy file is opened, it activates a known security flaw (CVE-2017-0199) to establish contact with a malicious domain that masquerades as Pakistan's Directorate General Ports and Shipping ("reports.dgps-govtpk[.]com") to retrieve a Rich Text Format (RTF) file. 

The RTF document downloads a document that exploits another years-old security vulnerability in the Microsoft Office Equation Editor, with the goal of executing  a small piece of executable code used as a payload, built to exploit vulnerabilities in a system or carry out malicious commands that's responsible for launching JavaScript code, but only after ensuring that the compromised system is legitimate and is of interest to the threat actor.

While the BlackBerry researchers have not captured the final payload, they believe the JavaScript malware delivered by SideWinder is intended collect intelligence and compromising material. 

BlackBerry   |     Hacker News   |    Security Week   |    Dark Reading   |    Cyber Express   |   Security Affairs  

Image: Ideogram

You Might Also Read: 

A Database Tracking Maritime Cyber Attacks:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« AI At The Paris 2024 Olympics
Dark Angels Score Record Breaking $75m Ransom »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Versasec

Versasec

Versasec is a leader in identity and access management, providing customers with security solutions for managing digital identities.

SiteGuarding

SiteGuarding

SiteGuarding provide website security tools and services to protect your website against malware and hacker exploits.

ActiveCyber

ActiveCyber

ActiveCyber is a source for news, reviews, learning, and technological innovation in the active cyber defense industry.

DirectDefense

DirectDefense

DirectDefense is an information security services and managed services provider.

Exeon Analytics

Exeon Analytics

Exeon Analytics is a Swiss cyber security company that is specialized in detecting hidden data breaches and advanced cyber attacks.

NinjaJobs

NinjaJobs

NinjaJobs is a community-run job platform developed by information security professionals. We focusing strictly on cybersecurity positions.

M2SYS

M2SYS

M2SYS is a worldwide leader in identification and authentication solutions.

Seknox

Seknox

Seknox TRASA™ protects your business from insider threats.

Network Intelligence

Network Intelligence

Network Intelligence delivers a comprehensive suite of AI-powered cybersecurity solutions built on the ADVISE framework.

EnigmaSoft

EnigmaSoft

EnigmaSoft is known for its PC anti-malware remediation utility and service under the tradename SpyHunter.

Appalachia Technologies

Appalachia Technologies

Appalachia is a full service Managed Services Provider with a focus on cybersecurity, backed by the best engineers.

MiC Talent Solutions

MiC Talent Solutions

MiC Talent Solutions provides recruiting, direct hire, augmented staff, and professional service contracting solutions for organizations searching for minority cybersecurity talent.

Pistachio

Pistachio

Pistachio is the new evolution of cybersecurity awareness training and attack simulations.

Control D

Control D

Control D is a modern and customizable DNS service that blocks threats, unwanted content and ads - on all devices.

Cloud Carib

Cloud Carib

Cloud Carib is the premier provider of managed cloud services in the Caribbean and Latin American regions.

SecureCo

SecureCo

SecureCo supports some of the most demanding cyber practitioners in the world, offering defense-in-depth cybersecurity to support API protection and data transport assurance.