CyberSecurity SEE

India-Linked SideWinder Group Shifts Focus to Targeting Maritime Entities


Researchers from BlackBerry recently discovered that a nation-state cyber-espionage group linked to India, known as SideWinder, is expanding its targeting to maritime facilities in countries as far away as the Mediterranean. The group, also tracked as Razor Tiger and Rattlesnake, typically focuses on regional rivals such as Pakistan, Afghanistan, China, and Nepal, but has now set its sights on compromising computers and networks at ports and maritime facilities in more distant locations.

According to Ismael Valenzuela, vice president of threat research and intelligence at BlackBerry, the current campaign marks the first time SideWinder has been observed targeting ports and maritime facilities in the EMEA region. This shift in focus suggests that the group’s activities have evolved due to geopolitical factors and changing environments that have motivated threat groups and state sponsors to target critical assets within the maritime industry.

The maritime sector has increasingly become a target for cyberattacks, posing significant risks to ships and ports. The US Coast Guard previously warned shipping companies about potential cyber threats that could lead to accidents and catastrophes. Furthermore, following heightened Chinese cyber operations against maritime systems in the Asia-Pacific region, countries in that area have formed alliances to defend their networks against cyber threats.

In addition to cyber threats, the maritime industry also faces physical security risks, such as piracy in various regions and incidents of ship malfunctions leading to collisions with infrastructure like bridges. These factors highlight the importance of safeguarding maritime assets from both cyber and physical threats.

SideWinder, the cyber-espionage group behind these recent attacks, has been active since at least 2012 and is known for its sophisticated tradecraft, including encrypted malware samples and obfuscation techniques. Despite its advanced methods, the group still exploits older vulnerabilities such as CVE-2017-0199 in Microsoft Office to achieve remote code execution. This reliance on long-known, already-patched vulnerabilities underscores the importance of timely patching and upgrading systems to mitigate cyber risk.
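A defender-side triage check for this lure type, added here as an example and not code from BlackBerry's report: CVE-2017-0199 is triggered through an RTF document carrying an OLE link object that Office updates automatically on open, so a mail-gateway or sandbox pre-filter can flag RTF attachments that combine the `\objautlink` and `\objupdate` control words. The two sample documents below are constructed for the example; the indicator set is a heuristic rather than a full RTF parser, and a real pipeline would hand flagged files to a proper OLE extractor such as oletools' rtfobj.

```python
import re

# Constructed sample documents (not taken from the article or any real campaign).
BENIGN_RTF = (
    rb"{\rtf1\ansi\deff0 {\fonttbl {\f0 Calibri;}} "
    rb"Quarterly port throughput report.\par }"
)
SUSPICIOUS_RTF = (
    rb"{\rtf1\ansi\deff0 Shipping manifest\par "
    rb"{\object\objautlink\objupdate\objw1\objh1"
    rb"{\*\objdata 0105000002000000}}}"
)

# RTF control words involved in OLE link objects. \objautlink declares an
# automatically linked object; \objupdate asks the application to refresh it
# on open, which is the combination the CVE-2017-0199 lure relies on.
OLE_LINK_INDICATORS = {
    "object": re.compile(rb"\\object\b"),
    "objautlink": re.compile(rb"\\objautlink\b"),
    "objupdate": re.compile(rb"\\objupdate\b"),
    "objdata": re.compile(rb"\\objdata\b"),
}


def is_rtf(data: bytes) -> bool:
    # Match on the prefix shared by well-formed ("{\rtf1") and truncated
    # headers, and tolerate leading whitespace, so a deliberately damaged
    # header does not slip past the check.
    return data.lstrip().startswith(b"{\\rt")


def scan_rtf(data: bytes) -> dict:
    """Count OLE-link indicators in an RTF blob and return a triage verdict."""
    if not is_rtf(data):
        return {"is_rtf": False, "indicators": {}, "verdict": "not-rtf"}

    found = {name: len(rx.findall(data)) for name, rx in OLE_LINK_INDICATORS.items()}

    # An auto-updating link is the high-confidence signal; any other embedded
    # object is worth a look but is common in legitimate documents.
    if found["objautlink"] and found["objupdate"]:
        verdict = "suspicious"
    elif found["object"]:
        verdict = "review"
    else:
        verdict = "clean"
    return {"is_rtf": True, "indicators": found, "verdict": verdict}


def scan_file(path: str) -> dict:
    """Convenience wrapper for running the check over files on disk."""
    with open(path, "rb") as fh:
        return scan_rtf(fh.read())


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_RTF), ("suspicious", SUSPICIOUS_RTF)):
        print(label, scan_rtf(doc))
```

The check is cheap enough to run inline on every inbound attachment; a "suspicious" verdict should route the file to detonation rather than the user's inbox, and a "review" verdict is a reasonable trigger for deeper OLE extraction.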

BlackBerry’s threat researchers have identified multiple domains associated with SideWinder’s attacks, indicating a focus on South Asian countries like Pakistan, Sri Lanka, Bangladesh, Myanmar, Nepal, and the Maldives. While the group is expanding its reach to regions like the Mediterranean, it appears to be targeting ports in countries where it has geopolitical interests, rather than conducting widespread global attacks.

The ultimate goal of SideWinder’s cyber operations is believed to be intelligence-gathering and espionage, based on the group’s previous activities. As cybersecurity threats continue to evolve, organizations in the maritime sector must remain vigilant and implement robust security measures to protect their assets from cyber threats originating from sophisticated threat actors like SideWinder.
