SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched attacks against high-profile entities in South and Southeast Asia. Its primary targets have been military and government entities in Pakistan, Sri Lanka, China and Nepal.
Over the years, SideWinder has carried out an impressive number of attacks and its activities have been extensively described in various analyses and reports published by different researchers and vendors, one of the latest of which was released at the end of July 2024. The group may be perceived as a low-skilled actor due to the use of public exploits, malicious LNK files and scripts as infection vectors, and the use of public RATs, but their true capabilities only become apparent when you carefully examine the details of their operations.
Read more…
Source: Kaspersky
Related:
- Error 524 Decoy: Unmasking a Global Smishing Operation Hiding Behind Error Pages
June 3, 2026
Group-IB researchers expose a large-scale smishing and phishing operation impersonating 260+ brands across 72 countries, using fake Cloudflare error pages, geofencing, and encrypted WebSocket channels for real-time credit card theft. The operation has a layered anti-analysis evasion architecture, which uses convincing fake Cloudflare error pages, like the “Error 524” timeout screen, as a decoy. The malicious ...
- Ransomware groups grow revenue by almost 40% in Q1 2026
June 2, 2026
In the first quarter of the year, ransomware groups increased their revenue by almost 40%, compared to the same period last year. This is according to a new report from cybersecurity researchers Rapid7, who said the increase is partly due to a maturing cybercriminal industry. Rapid7 based its findings on its research telemetry, which showed that ...
- Password manager Dashlane says hackers stole some customers’ password vaults
June 2, 2026
Password manager maker Dashlane says hackers have obtained at least a dozen encrypted vaults used for storing customer passwords during a weekend cyberattack. The company said on its website that hackers brute-forced the company’s two-factor authentication system, granting the hackers access to about 20 customer accounts. By defeating its two-factor mechanism, the hackers were able to download a copy of ...
- Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor
June 2, 2026
Palo Alto Unit 42 are tracking an increasingly widespread malvertising campaign targeting macOS. This campaign appears to be the next stage of a previous campaign known as JSCoreRunner, which was first identified in August 2025. In recent months, the financially-motivated attackers behind these campaigns transitioned from delivering standard adware, to delivering adware with full backdoor ...
- Russian spy agency says foreign spies turned officials’ smartphones into surveillance devices
June 2, 2026
Russia’s domestic spy agency says it has uncovered a sprawling foreign espionage operation that allegedly turned the smartphones of senior Russian officials into pocket-sized surveillance devices, though it has so far offered little in the way of evidence. In a statement Tuesday, the Federal Security Service (FSB) claimed foreign intelligence agencies implanted malware on the mobile devices ...
- Fake virus alerts are invading mobile games
June 2, 2026
Sometimes it happens. You’re happily playing a game on your phone or laptop when suddenly alarms pop up out of nowhere: “Your device is infected!” “Your iCloud is full!” “Your account is restricted for watching porn!” Some games can be played for free if you agree to watch ads, and in others you can get extra lives, perks, or ...