Operation SouthNet: SideWinder Expands Phishing and Malware Operations in South Asia
Essential information
- Published
- 06/10/2025 08:11
- Modified
- 06/10/2025 11:03
- Tags
- 2025-10-06 apt credential harvesting government military phishing south asia
- Related entities
- 1 intrusion sets (apt), 21 techniques (mitre), 4 malware, 9 others
Description
APT SideWinder has launched a new targeted operation dubbed Operation SouthNet, focusing on the maritime sector in South Asia, particularly Pakistan and Sri Lanka. The group leverages free hosting platforms to deploy credential-harvesting portals and weaponized lure documents, while staging malware in open directories. Over 50 malicious domains were uncovered across various platforms, with Pakistan accounting for 40% of the identified domains. The campaign utilizes maritime and port-themed lures to target government and military entities. SideWinder's infrastructure overlaps with legacy C2 assets, indicating recycling across multiple years. The group maintains a high operational tempo, with new phishing domains emerging every 3-5 days.