Hackers Target Maritime Facilities With Malware

Researchers have uncovered a new cyber attack campaign believed to originate from India, that has been active since 2012, which uses spear-phishing to deliver malicious payloads that trigger the attack chains. 

This campaign is attributed to a nation-state advanced persistent threat group (APT) known as SideWinder, which is though the be behind an  espionage campaign targeting ports and maritime facilities in the Indian Ocean and the Mediterranean.

Also known as Rattlesnake and Razor Tiger, SideWinder has been active since at least 2012, mainly targeting government, military, and businesses for the purpose of cyber espionage.

The Research & Intelligence Team at BlackBerry say that targets of the spear-phishing campaign include countries like Pakistan, Egypt, Sri Lanka, Bangladesh, Myanmar, Nepal, and the Maldives and is assessed to be affiliated with India. 

The latest set of attacks employs baited-traps on topics related to sexual harassment, employee termination and salary cuts in order to trick recipients into opening decoy MS Word documents. 

Once the decoy file is opened, it activates a known security flaw (CVE-2017-0199) to establish contact with a malicious domain that masquerades as Pakistan's Directorate General Ports and Shipping ("reports.dgps-govtpk[.]com") to retrieve a Rich Text Format (RTF) file. 

The RTF document downloads a document that exploits another years-old security vulnerability in the Microsoft Office Equation Editor, with the goal of executing  a small piece of executable code used as a payload, built to exploit vulnerabilities in a system or carry out malicious commands that's responsible for launching JavaScript code, but only after ensuring that the compromised system is legitimate and is of interest to the threat actor.

While the BlackBerry researchers have not captured the final payload, they believe the JavaScript malware delivered by SideWinder is intended collect intelligence and compromising material. 

BlackBerry   |     Hacker News   |    Security Week   |    Dark Reading   |    Cyber Express   |   Security Affairs  

Image: Ideogram

You Might Also Read: 

A Database Tracking Maritime Cyber Attacks:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« AI At The Paris 2024 Olympics
Dark Angels Score Record Breaking $75m Ransom »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Virtual Security

Virtual Security

Virtual Security provides solutions in the field of managed security services, network security, secure remote work, responsible internet, application security, encryption, BYOD and compliance.

Security Network Munich

Security Network Munich

Security Network Munich brings together leading players in the field of information and cyber security through joint research and innovation projects.

Invensis Learning

Invensis Learning

Invensis Learning is a professional training and certification company providing IT Service Management, IT Security & Governance, DevOps, Cloud Computing and Digital Awareness training.

Advanced Systems International SAC

Advanced Systems International SAC

Advanced Systems international is a global company dedicated to data security software design, development, support, and licensing.

Seltek Technology Solutions

Seltek Technology Solutions

Seltek provides Digital Forensics, eDiscovery, Cybersecurity Assessments and IT Support services.

Riddle&Code

Riddle&Code

Riddle&Code is a product-led services company specializing in onboarding industries to Web3. The team's mission is to provide a trusted connection between the digital and physical worlds.

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

Centre for Multidisciplinary Research, Innovation & Collaboration (C-MRiC)

C-MRiC collaborates on initiatives, ranging from national cyber security, enterprise security, information assurance, protection strategy, climate control to health and life sciences.

Cylera

Cylera

Cylera is a Healthcare IoT cybersecurity and intelligence company built in close partnership with healthcare providers.

KanREN

KanREN

KanREN is a member based consortium offering custom, world-class network services and support for researchers, educators, and public service institutions in the state of Kansas.

Rede Nacional CSIRT

Rede Nacional CSIRT

Rede Nacional CSIRT is a national network of CSIRTs in Portugal aimed at cooperation and mutual assistance in the handling of incidents and in the sharing of good security practices.

Intracom Telecom

Intracom Telecom

Intracom Telecom is a global telecommunication systems & solutions vendor offering a complete range of professional services and solutions including Information Security.

Cubro Network Visibility

Cubro Network Visibility

Cubro network visibility solutions remove network monitoring ‘blind spots’ to provide enhanced visibility and control of all data transiting a company’s network.

Ostendio

Ostendio

Ostendio is a cybersecurity and information management solutions provider that develops affordable compliance solutions for digital health companies and other regulated entities.

Iris Powered by Generali

Iris Powered by Generali

Iris Powered by Generali is an identity theft resolution provider. Our offering combines expert assistance and support with user-friendly identity protection technology.

Cerby

Cerby

Your team uses unmanageable applications that put you, your company, and your data at risk. Protect, secure, and accelerate your business automatically with Cerby.

Thero6

Thero6

Thero6 develop dynamic financial analysis algorithms that help prevent coin collapses and theft of cryptocurrency funds by identifying the transaction absolutely throughout the chain.