Since April 2020, the Advanced Persistent Threat (APT) organization SideWinder, also known as Rattlesnake or T-APT-04, has been linked to over 1,000 attacks. The group has been active in Central Asian countries such as Afghanistan, Bangladesh, Nepal, and Pakistan since at least 2012. It has a history of targeting military, defense, aviation, IT-sector, and legal institutions.
“Some of the main characteristics of this threat actor that make it stand out among the others are the sheer number, high frequency and persistence of their attacks and the large collection of encrypted and obfuscated malicious components used in their operations,” reads a report from the cybersecurity firm Kaspersky. SideWinder is actively expanding the geography of its targets to additional countries and regions, according to Kaspersky’s APT trends report for Q1 2022. The gang has also been seen using the ongoing Russian-Ukrainian conflict as a lure in its phishing attempts to spread malware and steal sensitive data.