"India-Linked Group Used Telegram to Mastermind Cyberattacks Across Asia, Says Analyst"
In 2021, SideWinder, also known as Hardcore Nationalist (HN2), targeted more than 60 organizations in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka, according to Group-IB. By a wide margin, government agencies were the most heavily attacked, with 44 targeted versus only four military organizations, while nearly half of the attacks were directed at targets in Nepal. Group-IB also noticed SideWinder using the popular messaging application Telegram to process data from targeted systems. According to Group-IB, due to its relative ease of use, the communication platform has gained popularity as a command-and-control (C2) center or base of operations among Advanced Persistent Threat (APT) groups and financially-motivated cybercriminals during the past year. SideWinder was also found to be improving its toolkit, with Group-IB identifying SideWinder.StealerPy as one of the tools. It is described as a Python-written information stealer that exfiltrates data stolen from the victim's computer. This article continues to discuss researchers' findings and observations regarding the SideWinder group.