Kaspersky’s Global Research and Analysis Team (GReAT) has uncovered new evidence linking the India-affiliated Advanced Persistent Threat (APT) group, SideWinder, to expanded cyber espionage activities.

Known for its focus on military and government targets, SideWinder, also called T-APT-04 or ‘RattleSnake,’ has broadened its reach to include regions in the Middle East, Africa, and Pakistan. The group is utilizing a newly identified surveillance tool, ‘StealerBot.’

SideWinder, active since 2012, has historically targeted countries in South and Southeast Asia, including Pakistan, Sri Lanka, China, and Nepal, while also infiltrating various sectors in surrounding regions. Now, with the advanced StealerBot toolkit, the group’s operations have grown in sophistication.

StealerBot features a modular design, allowing it to gather intelligence with a range of malicious capabilities.

These include installing additional malware, capturing screen activity, recording keystrokes, stealing browser-stored passwords, and intercepting Remote Desktop Protocol (RDP) credentials. Kaspersky warns that the malware is targeting critical infrastructure and high-level organizations and may expand its scope further.

The lead security researcher at Kaspersky’s GReAT, Giampaolo Dedola said, “In essence, ‘StealerBot’ is a stealthy espionage tool that allows threat actors to spy on systems while avoiding easy detection and operates through a modular structure, with each component designed to perform a specific function. These modules never appear as files on the system’s hard drive, as instead they are loaded directly into the memory, making them difficult to trace.”

Also Read

Infinix Hot 50 Pro latest prices in Pakistan & specs

The Infinix Hot 50 Pro was launched globally on October 23, expanding...