SideWinder Utilizes New Infrastructure to Target Ports and Maritime Facilities in the Mediterranean Sea
Essential information
- Published
- 30/07/2024 15:39
- Modified
- 30/07/2024 16:29
- Tags
- 2024-07-30 CVE-2017-0199 CVE-2017-11882 espionage infrastructure javascript maritime nation-state phishing targeted vulnerability
- Related entities
- 2 vulnerabilities (cve), 47 observables, 1 intrusion sets (apt), 11 techniques (mitre), 7 others
Description
BlackBerry's researchers have uncovered a new campaign by the nation-state threat actor SideWinder. The group employs sophisticated techniques, such as utilizing carefully crafted phishing emails with visual lures designed to target specific organizations. The campaign aims to compromise ports and maritime facilities in the Indian Ocean and Mediterranean Sea regions through espionage and intelligence gathering activities. The attack chain involves exploiting vulnerabilities in Microsoft Office and downloading malicious JavaScript payloads from the group's infrastructure. SideWinder continuously evolves its tactics, making it an ongoing threat.