
Sri Lankan Ministry of Defense

Primary URL: www[.]defence[.]lk
Location: Sri Lanka (Country)
Industry: Government - National
Profile

The Sri Lankan Ministry of Defense is a government entity responsible for overseeing the national defense and security apparatus of Sri Lanka. Its core mandate involves formulating defense policy, managing the armed forces, and ensuring the territorial integrity and sovereignty of the nation. This includes directing military strategy, coordinating intelligence activities, and managing relationships with international defense partners. The ministry operates within the Sri Lankan governmental structure, reporting to the highest levels of national leadership. Its primary operational focus is directed towards safeguarding Sri Lanka's national interests and maintaining internal security.

In December 2020, the ministry's digital infrastructure, or entities closely associated with its sphere of influence, became the target of a sophisticated cyber espionage campaign orchestrated by the SideWinder advanced persistent threat group. This operation also targeted military and government bodies in Nepal and Afghanistan. Attackers employed phishing emails crafted with lures related to regional territorial disputes, a tactic designed to exploit geopolitical tensions and increase the likelihood of successful compromise. The campaign involved deploying credential-harvesting techniques to steal user login information and emailing malicious backdoors designed to establish persistent access within compromised systems.

The attackers further utilized malicious mobile applications as part of their intrusion set, broadening the potential attack surface beyond traditional computer systems. The primary objective of this coordinated cyber operation was intelligence gathering, specifically targeting high-value military and government personnel and systems to steal sensitive information. SideWinder demonstrated notable competencies in social engineering, malware development, and distribution, enabling them to conduct a multi-faceted attack exploiting both technical vulnerabilities and human factors. This incident highlights the persistent cyber threat faced by national defense institutions globally from well-resourced and motivated adversaries seeking strategic intelligence. The ministry's role makes it a prime target for such espionage activities aimed at compromising national security information.

Incidents
1 incident