Menu
Browse

Cyber Threat Actor: SideWinder APT

Aliases: 5 aliases
Actor Type Location Known Incidents
 Icon
Spy
5 incidents
Profile

SideWinder APT, operating under this primary alias, conducts cyberespionage operations primarily targeting military and government organizations. The group focuses on South Asian regions, with documented attacks against entities in Nepal and Afghanistan, including the Nepali Ministry of Defense, Ministry of Foreign Affairs, and Afghanistan's Presidential Palace. Its strategic objective centers on intelligence collection from high-value national security targets, explicitly aiming to exfiltrate sensitive defense and diplomatic information through sustained campaigns rather than financial gain or disruptive actions. Operations demonstrate a consistent interest in geopolitical intelligence relevant to territorial disputes and regional security affairs.

The threat actor employs multi-platform intrusion techniques combining credential-phishing emails with malicious mobile applications. Phishing lures thematically exploit active regional territorial conflicts to enhance social engineering effectiveness, often delivering backdoor malware through email attachments. Mobile attack vectors involve compromised applications designed to facilitate persistent access to devices. Technical approaches emphasize credential harvesting alongside backdoor deployment for network infiltration, enabling systematic intelligence gathering from compromised systems. The December 2020 campaign exemplifies these tactics, simultaneously targeting Afghan and Nepali entities through coordinated email and mobile application attacks to steal sensitive data from defense and governmental networks. This operation highlights the group's focus on leveraging geopolitical tensions as thematic bait while maintaining operational flexibility across multiple intrusion vectors.

Incidents
Attributed incidents available to members
5 incidents
Sources
Sources available to members
0 sources