11 December 2020 17:41 IST

The group’s targets include multiple government and military units, primarily in Nepal and Afghanistan, researchers at Trend Micro, a cybersecurity firm, said in a report.

The recent territory disputes between India, China, Pakistan and Nepal came in handy for the cybercrime group SideWinder, which launched phishing and malware attacks that used territory-dispute themes to lure users.

The researchers found a server used to deliver a malicious LNK file and to host multiple credential-phishing pages, which were copied from the victims’ webmail login pages and modified for phishing.

After the gathered credentials are sent, some of the phishing pages redirect victims to different documents or news pages with themes related to COVID-19 or territory disputes between India and neighbouring countries.

SideWinder group has become famous for targeting countries in the South Asian region. The group had previously launched attacks against Pakistan, Bangladesh, and China using lure files related to COVID-19.

Trend Micro collected different samples from the campaign and found that in all cases the samples either downloaded or dropped files and then executed JavaScript code to install the main backdoor and stealer.

“Although it’s not clear to us how these phishing pages are delivered to the victims, finding the original webmail servers that they copied to make these phishing pages allows us to identify who they were targeting,” researchers noted.