"SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan"

SideWinder, a prolific nation-state actor best known for targeting Pakistani military entities, compromised the official website of the National Electric Power Regulatory Authority (NEPRA) in order to deliver WarHawk, a tailored malware. According to Zscaler ThreatLabz, the newly discovered WarHawk backdoor contains various malicious modules that deliver Cobalt Strike, incorporating new tactics, techniques, and procedures (TTPs) such as KernelCallBackTable injection and a Pakistan Standard Time zone check to ensure a successful campaign. The threat group, also known as APT-C-17, Rattlesnake, and Razor Tiger, is suspected to be an Indian state-sponsored actor. SideWinder is said to have launched over 1,000 attacks since April 2020, indicating the group's newfound aggression since it began operations a decade ago in 2012. The intrusions have been significant in terms of frequency and persistence, even as the group employs a vast arsenal of obfuscated and newly developed components. This article continues to discuss the SideWinder Advanced Persistent Threat's (APT) use of a new WarHawk backdoor against entities in Pakistan.

THN reports "SideWinder APT Using New WarHawk Backdoor to Target Entities in Pakistan"
