Sidewinder cyber-threat group targets multiple entities across Asia, Africa, the Middle East and Europe using a new post-exploitation tool

The India-sponsored cyber-threat group Sidewinder, active since 2012, has recently expanded its operations by targeting entities in countries including Bangladesh, Djibouti, Jordan, Malaysia, the Maldives, Myanmar, Nepal, Pakistan, Saudi Arabia, and more. Using a new post-exploitation tool named StealerBot, the group has conducted cyber-espionage across the government, military, logistics, financial, and diplomatic sectors. Although initially perceived as low-skilled, Sidewinder has shown sophistication in an attack chain built on spear-phishing emails, LNK files, and post-exploitation tactics. The newly revealed StealerBot implant, written in .NET, is a modular espionage tool used to steal data and conduct cyber-espionage. The attack chain involves dropping multiple files, including a backdoor loader named ModuleInstaller, communicating with a command-and-control server, and deploying a Trojan to maintain access. Defenders are cautioned to recognize the threat posed by Sidewinder; the researchers have published a comprehensive list of indicators of compromise.
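The summary above names LNK (Windows shortcut) files as one stage of the phishing chain. The following is an added example, not code from the article or from the researchers it cites: a small parser for the Shell Link format (per MS-SHLLINK) that pulls out the shortcut's relative path and command-line arguments, plus a triage heuristic that flags shortcuts launching script hosts, encoded PowerShell, or remote URLs. The heuristic is a general defender rule of thumb, not the article's indicator list, and the two sample shortcuts are constructed here for testing the parser.

```python
import re
import struct
import sys

# Shell Link (.lnk) layout constants from MS-SHLLINK.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80

# StringData fields appear in this fixed order, each only if its flag is set.
STRING_FIELDS = [
    ("name", HAS_NAME),
    ("relative_path", HAS_RELATIVE_PATH),
    ("working_dir", HAS_WORKING_DIR),
    ("arguments", HAS_ARGUMENTS),
    ("icon_location", HAS_ICON_LOCATION),
]

# General triage heuristic (assumption, not the article's IoCs): script hosts and
# LOLBins that are rarely the legitimate target of a shortcut sent by e-mail.
SUSPICIOUS_HOSTS = re.compile(
    r"(?i)\b(powershell|pwsh|mshta|wscript|cscript|cmd|rundll32|regsvr32|certutil|bitsadmin)(\.exe)?\b"
)


def parse_lnk(data: bytes) -> dict:
    """Return the StringData fields (name, relative_path, working_dir, arguments, icon_location)."""
    if len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data, 0)[0] != LNK_HEADER_SIZE:
        raise ValueError("not a shell link: bad HeaderSize")
    if data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link: bad LinkCLSID")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = LNK_HEADER_SIZE
    try:
        # LinkTargetIDList: 2-byte IDListSize followed by that many bytes.
        if flags & HAS_LINK_TARGET_ID_LIST:
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        # LinkInfo: 4-byte LinkInfoSize that counts the size field itself.
        if flags & HAS_LINK_INFO:
            pos += struct.unpack_from("<I", data, pos)[0]
        fields = {}
        # Each string is CountCharacters (2 bytes) then the characters, no terminator.
        for field, bit in STRING_FIELDS:
            if not flags & bit:
                continue
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos:pos + width * count]
            if len(raw) != width * count:
                raise ValueError(f"truncated StringData field {field}")
            pos += width * count
            fields[field] = raw.decode("utf-16-le" if width == 2 else "cp1252", errors="replace")
    except struct.error as exc:
        raise ValueError("truncated shell link") from exc
    return fields


def assess_lnk(data: bytes) -> dict:
    """Parse a shortcut and flag command lines a defender would want a human to look at."""
    fields = parse_lnk(data)
    launch = " ".join(fields.get(k, "") for k in ("relative_path", "arguments"))
    reasons = []
    host = SUSPICIOUS_HOSTS.search(launch)
    if host:
        reasons.append(f"launches script host or LOLBin: {host.group(0)}")
    if re.search(r"(?i)-(e|enc|encodedcommand)\b", launch):
        reasons.append("encoded PowerShell command line")
    if re.search(r"(?i)https?://", launch):
        reasons.append("remote URL in command line")
    return {"fields": fields, "suspicious": bool(reasons), "reasons": reasons}


def build_lnk(relative_path: str, arguments: str, name: str = "") -> bytes:
    """Construct a minimal Unicode .lnk carrying only StringData (test fixture, not a real file)."""
    flags = IS_UNICODE | HAS_RELATIVE_PATH | HAS_ARGUMENTS | (HAS_NAME if name else 0)
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (LNK_HEADER_SIZE - len(header))  # attributes, times, size, icon, show, hotkey, reserved
    body = b""
    for text in ([name] if name else []) + [relative_path, arguments]:
        body += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return header + body


# Constructed samples: a benign shortcut to a document, and a lure-style shortcut whose
# displayed name suggests a PDF but whose target is PowerShell with an encoded command
# (the base64 is the UTF-16LE string "Constructed").
BENIGN_LNK = build_lnk(r"..\Documents\Quarterly_Report.docx", "", name="Quarterly Report")
LURE_LNK = build_lnk(
    r"..\..\..\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
    "-NoP -W Hidden -EncodedCommand QwBvAG4AcwB0AHIAdQBjAHQAZQBkAA==",
    name="Invitation.pdf",
)

if __name__ == "__main__":
    # Usage: python lnk_triage.py file1.lnk file2.lnk ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            verdict = assess_lnk(fh.read())
        print(path, "SUSPICIOUS" if verdict["suspicious"] else "ok", verdict["reasons"])
```

The parser deliberately skips the LinkTargetIDList and LinkInfo structures by their declared sizes rather than decoding them, because the strings that matter for triage (relative path and arguments) live in the StringData section that follows; a full IDList decoder would also recover the absolute target, which is worth adding when the relative path is absent.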
https://www.darkreading.com/cyberattacks-data-breaches/sidewinder-wide-geographic-net-attack-spree