

Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
April 21, 2021
Rewterz Threat Advisory – ICS: Rockwell Automation Stratix Switches
April 21, 2021
Severity
High
Analysis Summary
Sidewinder APT Group, which has been operating in the interest of the Indian Government, has been observed targeting Pakistani Government officials in its latest campaigns, using a decoy document related to investment in Balochistan Province. This APT group actively targeted South Asian countries throughout 2020, and fresh IoCs are still being detected in 2021. In earlier months it was found targeting the Pakistan Air Force with malicious samples posing as a PAF Calendar 2021. Other recent campaigns have targeted Windows machines and mobile phones belonging to Pakistani and Chinese military and government entities, often using weaponized Word documents and custom-built mobile apps for information theft and espionage.
Impact
Information Theft and Espionage
Indicators of Compromise
Domain Name
- shaheenfoundation[.]mod-pak[.]co
- fbr[.]mod-pak[.]co
- afohs[.]mod-pak[.]co
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
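One way to carry out the second remediation step, as an added example that is not part of the Rewterz advisory: refang the three listed domains and sweep DNS query logs for exact matches or subdomains of them. The log line layout (timestamp, client IP, `query=<name>`) and the sample lines are constructed assumptions; adapt the regex to your resolver's format.

```python
import re
from typing import List, Optional, Tuple

# IoC domains exactly as listed in the advisory (defanged with "[.]").
DEFANGED_IOCS = [
    "shaheenfoundation[.]mod-pak[.]co",
    "fbr[.]mod-pak[.]co",
    "afohs[.]mod-pak[.]co",
]

def refang(domain: str) -> str:
    """Turn a defanged indicator ("[.]") back into a matchable hostname."""
    return domain.replace("[.]", ".").strip().lower().rstrip(".")

def matches_ioc(hostname: str, iocs: List[str]) -> Optional[str]:
    """Return the IoC that hostname equals or is a subdomain of, else None."""
    h = hostname.strip().lower().rstrip(".")
    for ioc in iocs:
        if h == ioc or h.endswith("." + ioc):
            return ioc
    return None

# Hypothetical log layout: <timestamp> <client_ip> query=<name> type=<rr>
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+query=(?P<qname>\S+)")

def scan_dns_log(lines, iocs=None) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, client, qname, ioc) for every line hitting an IoC."""
    iocs = [refang(d) for d in (iocs or DEFANGED_IOCS)]
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:            # skip lines that do not fit the assumed layout
            continue
        ioc = matches_ioc(m.group("qname"), iocs)
        if ioc:
            hits.append((m.group("ts"), m.group("client"), m.group("qname"), ioc))
    return hits

# Constructed sample log lines (not real telemetry) for a stand-alone run.
SAMPLE_LOG = [
    "2021-04-21T09:12:03Z 10.0.5.17 query=fbr.mod-pak.co. type=A",
    "2021-04-21T09:12:04Z 10.0.5.17 query=cdn.afohs.mod-pak.co type=A",
    "2021-04-21T09:12:05Z 10.0.5.22 query=www.example.org type=A",
    "2021-04-21T09:12:06Z 10.0.5.22 query=notmod-pak.co type=A",
    "malformed line without a query field",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG):
        print("HIT", *hit)
```

Matching on the suffix with a leading dot is deliberate: it catches new hosts under a listed domain without flagging look-alike names such as `notmod-pak.co`.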