216.73.217.139

Operation SouthNet: SideWinder Expands Phishing and Malware Operations in South Asia

· Published 06/10/2025 08:11 · Modified 06/10/2025 11:03

Export JSON

Essential information

Published
06/10/2025 08:11
Modified
06/10/2025 11:03
Tags
2025-10-06 apt credential harvesting government military phishing south asia
Related entities
1 intrusion sets (apt), 21 techniques (mitre), 4 malware, 9 others

Description

SideWinder has launched a new targeted operation dubbed Operation SouthNet, focusing on the maritime sector in , particularly Pakistan and Sri Lanka. The group leverages free hosting platforms to deploy credential-harvesting portals and weaponized lure documents, while staging malware in open directories. Over 50 malicious domains were uncovered across various platforms, with Pakistan accounting for 40% of the identified domains. The campaign utilizes maritime and port-themed lures to target and entities. SideWinder's infrastructure overlaps with legacy C2 assets, indicating recycling across multiple years. The group maintains a high operational tempo, with new domains emerging every 3-5 days.

External references