Rewterz

Rewterz Threat Alert – SideWinder APT Group Targeting in Pakistan Navy War College (PNWC) – Active IOCs

Severity

High

Analysis Summary

The SideWinder APT (Advanced Persistent Threat) Group is a known cyber-espionage group that has targeted various countries in the past. In a recent attack, the group targeted Pakistan with two specific documents: “Overview of Flood Situation in Pakistan” and “Guidelines for Beacon Journal: 2023 Pakistan Navy War College (PNWC)”.

The “Overview of Flood Situation in Pakistan” document appears to be a legitimate report on the flood situation in Pakistan, which was a major problem in the country a few years ago. However, the document contains malicious code that can infect the victim’s computer and allow the attackers to gain access to sensitive information.

The “Guidelines for Beacon Journal: 2023 Pakistan Navy War College (PNWC)” document appears to be a set of guidelines for a journal that covers the Pakistan Navy War College. However, this document also contains malicious code that can infect the victim’s computer and allow the attackers to gain access to sensitive information.

It is believed that the SideWinder APT Group targeted Pakistan with these documents to gather intelligence on the country’s military and political activities. The group is known for targeting government, military, and diplomatic organizations in various countries.

It is essential for organizations to remain vigilant and take measures to protect their sensitive information from cyber-attacks. It is also important to educate employees about the risks of opening suspicious documents or clicking on links in suspicious emails.

Overall, the SideWinder APT Group’s attack on Pakistan highlights the need for continued efforts to enhance cybersecurity measures and prevent cyber-espionage activities.

Recently, the threat actors were observed targeting the Pakistan Navy War College (PNWC) with files named “Overview of Flood Situation in Pakistan” and “Guidelines for Beacon Journal: 2023 Pakistan Navy War College (PNWC).”

Impact

  • Information Theft and Espionage

Indicators of Compromise

Domain Name

  • mofs-gov.org
  • sinacn.co
  • paf-govt.net
  • mofagov.com
  • alit.info
  • bol-north.com

MD5

  • a8c470bb09cccd25df1821d14c5fb868
  • 02795c2873ed1a118b72d923e2ec7c28
  • a92a98d9a88060a50f91f56b7fd11e81

SHA-256

  • 46cc2e14b7daeadc9f7e5be5cb2004f1370620c93ac97a31cd9a7d329211fd9e
  • ee2018f7b42ed56fb8b272c9662bf9ddd01f6058abd756019a857a33e54d8faf
  • 023a9b64f4a97bebca72cbfa58553cf7ab3f6b80beba908447a441ef4870f284

SHA-1

  • 84dd4ac6f324036985f814bb822fc87b7cf5887d
  • b53cf29830cdd0b5f144ebf12b9aa0284f5ffc3a
  • 238dfe88da608c60e8fbfa164704e6754f1c6233

Remediation

  • Block all threat indicators at your respective controls.
  • Search for indicators of compromise (IOCs) in your environment using your respective security controls.
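The two remediation steps above, as a runnable IOC sweep (an added example, not Rewterz tooling): it flags proxy or DNS log lines whose host is one of the listed domains or a subdomain of one, and hashes every file under a directory against the listed MD5, SHA-1 and SHA-256 values in a single pass per file. The log format and the sample lines are constructed for illustration and are not from the alert.

```python
import hashlib
from pathlib import Path
from urllib.parse import urlparse

# Indicators copied from the alert above (domains; MD5, SHA-256 and SHA-1 hashes).
IOC_DOMAINS = {"mofs-gov.org", "sinacn.co", "paf-govt.net",
               "mofagov.com", "alit.info", "bol-north.com"}
IOC_HASHES = set("""
a8c470bb09cccd25df1821d14c5fb868 02795c2873ed1a118b72d923e2ec7c28 a92a98d9a88060a50f91f56b7fd11e81
46cc2e14b7daeadc9f7e5be5cb2004f1370620c93ac97a31cd9a7d329211fd9e
ee2018f7b42ed56fb8b272c9662bf9ddd01f6058abd756019a857a33e54d8faf
023a9b64f4a97bebca72cbfa58553cf7ab3f6b80beba908447a441ef4870f284
84dd4ac6f324036985f814bb822fc87b7cf5887d b53cf29830cdd0b5f144ebf12b9aa0284f5ffc3a
238dfe88da608c60e8fbfa164704e6754f1c6233
""".split())

def domain_hit(host):
    """Return the IOC domain that host equals or is a subdomain of, else None."""
    host = (host or "").lower().rstrip(".")
    return next((d for d in IOC_DOMAINS if host == d or host.endswith("." + d)), None)

def scan_log_lines(lines):
    """Return (line_no, ioc_domain) for proxy/DNS log lines naming an IOC domain."""
    hits = []
    for n, line in enumerate(lines, 1):
        # Tokens may be bare hosts, host:port pairs or full URLs.
        hosts = [urlparse(t).hostname if "://" in t else t.split(":")[0] for t in line.split()]
        iocs = [ioc for ioc in map(domain_hit, hosts) if ioc]
        if iocs:
            hits.append((n, iocs[0]))
    return hits

def digests_of(chunks):
    """Compute MD5, SHA-1 and SHA-256 in one pass over an iterable of byte chunks."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}

def scan_files(root):
    """Hash every file under root in 1 MiB chunks; return (path, digest) IOC matches."""
    hits = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        with path.open("rb") as fh:
            digests = digests_of(iter(lambda: fh.read(1 << 20), b""))
        hits += [(path, d) for d in digests.values() if d in IOC_HASHES]
    return hits

SAMPLE_LOG = [  # constructed sample proxy log lines, not from the alert
    "2023-02-24T10:01:12Z 10.0.0.5 GET https://www.example.com/index.html 200",
    "2023-02-24T10:02:40Z 10.0.0.7 GET https://cdn.mofs-gov.org/flood.docx 200",
    "2023-02-24T10:03:01Z 10.0.0.9 CONNECT alit.info:443 200"]
```

`scan_log_lines(SAMPLE_LOG)` reports lines 2 and 3; point `scan_files()` at a download or mail-attachment directory to check for the listed hashes.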