

Rewterz Threat Advisory – CVE-2021-34759 – Cisco Identity Services Engine Cross-Site Scripting Vulnerability
September 2, 2021
Rewterz Threat Advisory – CVE-2021-34765 – Cisco Nexus Insights Authenticated Information Disclosure Vulnerability
September 2, 2021
Severity
High
Analysis Summary
The SideWinder Advanced Persistent Threat (APT) group is active again and is targeting top-level Pakistani officials in espionage campaigns. This time they are targeting Pakistan at a crucial stage, when the geopolitical situation of the region is critical and the USA has left Afghanistan, handing over the reins to the Taliban after 20 years of fighting. The threat actors are taking this as an opportunity to gather sensitive information related to the ongoing fiasco and the peace talks between the two countries, and have dropped a malicious document highlighting the role of Pakistan and the security measures taken for the stability of the region. This comes as a threat to national security at a time when Pakistan is playing a key role in maintaining peace in Afghanistan and has emerged as a mediator between the USA and the Taliban.

Impact
- Information Theft and Espionage
Indicators of Compromise
Filename
- Impact on Pakistan Security Post US withdrawal[.]docx
MD5
- c9f8addb927c3b96aee6a9f671a1f801
SHA-256
- 8a1c9a28ba0c74bafd71705aa12128831d66bbae06536a81d680cd207e740a65
SHA-1
- a74f9baa1791476c489942dd9e24c8c6fd0822cd
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
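
One way to carry out the "Search for IOCs" step on an endpoint or file share, as an added example that is not part of the original advisory: it walks a directory tree, computes MD5, SHA-1 and SHA-256 in a single read per file, and reports matches against the hashes and the re-fanged file name listed above. The function names `digests` and `sweep` are illustrative assumptions.

```python
import hashlib
import os
import sys

# IoCs copied from this advisory; the file name is re-fanged ("[.]" -> ".").
IOC_HASHES = {
    "md5": {"c9f8addb927c3b96aee6a9f671a1f801"},
    "sha1": {"a74f9baa1791476c489942dd9e24c8c6fd0822cd"},
    "sha256": {"8a1c9a28ba0c74bafd71705aa12128831d66bbae06536a81d680cd207e740a65"},
}
IOC_FILENAMES = {
    "Impact on Pakistan Security Post US withdrawal[.]docx".replace("[.]", ".").lower()
}


def digests(path, chunk_size=1 << 20):
    """Read the file once and return its MD5, SHA-1 and SHA-256 hex digests."""
    hashers = {name: hashlib.new(name) for name in IOC_HASHES}
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            for hasher in hashers.values():
                hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def sweep(root, ioc_hashes=IOC_HASHES, ioc_filenames=IOC_FILENAMES):
    """Walk root and return (path, reason) for every file that matches an IoC."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            # File names are trivially changed, so this is a weak signal only.
            if name.lower() in ioc_filenames:
                hits.append((path, "filename"))
            try:
                found = digests(path)
            except OSError:
                continue  # unreadable or locked file: skip it and keep sweeping
            for algo, value in found.items():
                if value in ioc_hashes.get(algo, ()):
                    hits.append((path, algo))
    return hits


if __name__ == "__main__":
    for hit_path, reason in sweep(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason}\t{hit_path}")
```

A file-name hit without a hash hit still deserves review, since a modified copy of the document would carry different hashes.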