
Govt issues cyber alert ahead of polls

FE REPORT | January 06, 2024 00:00:00


The authorities have detected an ongoing phishing campaign by the advanced persistent threat group 'SideWinder', targeting government, military, law enforcement and other key and sensitive entities.

Just days ahead of the national elections, the Bangladesh Government's e-Government Computer Incident Response Team (BGD e-GOV CIRT) issued a cyber threat alert on Thursday.

Phishing is the fraudulent practice of sending emails or other messages that purport to come from a trusted organisation or person in order to steal sensitive information such as passwords or financial data.

An advanced persistent threat (APT) is a well-resourced, highly organised group of hackers that conducts stealthy, long-term cyberattacks against specific targets such as governments or businesses.

According to CIRT, the potential targets of the ongoing phishing campaign include the Bangladesh Armed Forces Division, law enforcement agencies, healthcare institutions, telecommunications companies, financial institutions, and news media outlets.

The alert urges individuals and organisations to remain vigilant and avoid clicking on suspicious links in emails.

SideWinder is known for its ability to launch multiple attacks within a short timeframe and has posed threats to organisations across South and East Asia.

The CIRT alert mentioned the group's focus on stealing sensitive, confidential and classified documents.

The state-run agency says the primary attack vector appears to be spear phishing, where emails containing malicious attachments or URLs are sent to targeted individuals.

These emails are often crafted specifically for the recipient organisation and may contain content designed to pique their interest or appear legitimate. Cyber investigators have identified phishing domains that closely resemble official websites and domains of Bangladeshi government, military and law enforcement agencies.

Analysis of malicious domains, file hashes and IP addresses shows connections to the SideWinder APT group, which is known for targeting Bangladeshi government and law enforcement organisations.

One specific IP address (5.230.54.3) has been identified as hosting malicious sub-domains mimicking Bangladeshi organisations and was later confirmed to belong to the SideWinder network.
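As an added illustration, not part of the CIRT alert or of this report, the following Python script shows how a defender could act on the indicators described above: it scans proxy or DNS log lines for connections to the IP address quoted in the alert and flags hostnames that imitate official domains (an official name embedded as a subdomain of an attacker-owned domain, dots swapped for hyphens or dropped, or a typo-squat on the organisation's own label). The IP address is the one in the alert; the protected domains, the log format and the log lines are constructed for the example.

```python
import re
from difflib import SequenceMatcher

# IP address named in the BGD e-GOV CIRT alert as SideWinder infrastructure.
SIDEWINDER_IPS = {"5.230.54.3"}

# Constructed stand-ins for an organisation's own official domains; a real
# deployment would load its own list here.
PROTECTED_DOMAINS = ["ministry.gov.bd", "forces.mil.bd"]

# Constructed proxy/DNS log lines in a simple key=value layout (not real logs).
SAMPLE_LOG = [
    "2024-01-04T09:12:01Z src=10.0.5.17 dst=5.230.54.3 host=mail.ministry.gov.bd.secure-login.net",
    "2024-01-04T09:13:44Z src=10.0.5.22 dst=203.0.113.9 host=ministry.gov.bd",
    "2024-01-04T09:15:10Z src=10.0.5.31 dst=198.51.100.4 host=forces-mil-bd.com",
    "2024-01-04T09:16:52Z src=10.0.5.40 dst=198.51.100.7 host=minlstry.org",
    "2024-01-04T09:18:03Z src=10.0.5.12 dst=192.0.2.10 host=example.com",
]
LOG_RE = re.compile(r"dst=(\S+)\s+host=(\S+)")


def _squash(s):
    """Drop dots and hyphens so 'forces-mil-bd' and 'forces.mil.bd' compare equal."""
    return re.sub(r"[^a-z0-9]", "", s)


def is_protected(host):
    """True for an official domain or one of its genuine subdomains."""
    return any(host == d or host.endswith("." + d) for d in PROTECTED_DOMAINS)


def lookalike_reason(host):
    """Return why a hostname looks like an official domain, or None if it does not."""
    host = host.lower().rstrip(".")
    if is_protected(host):
        return None
    first_label = host.split(".")[0]
    for d in PROTECTED_DOMAINS:
        # official name reused as a subdomain of an attacker-owned domain
        if d in host:
            return f"embeds protected domain {d}"
        # dots replaced by hyphens or dropped: forces-mil-bd.com, forcesmilbd.com
        if _squash(d) in _squash(host):
            return f"hyphen/dot variant of {d}"
        # typo-squat on the organisation's own label: minlstry vs ministry
        org = d.split(".")[0]
        if first_label != org and SequenceMatcher(None, first_label, org).ratio() >= 0.8:
            return f"near-miss of {org} ({d})"
    return None


def scan_log(lines):
    """Return (host, reasons) for every line that hits the IP IOC or a lookalike check."""
    alerts = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        dst, host = m.groups()
        reasons = []
        if dst in SIDEWINDER_IPS:
            reasons.append(f"connection to SideWinder IOC {dst}")
        why = lookalike_reason(host)
        if why:
            reasons.append(why)
        if reasons:
            alerts.append((host, reasons))
    return alerts


if __name__ == "__main__":
    for host, reasons in scan_log(SAMPLE_LOG):
        print(host, "->", "; ".join(reasons))
```

The similarity threshold of 0.8 and the two-domain allow-list are illustrative; in practice the list should cover every domain the organisation and its close partners own, and genuine subdomains (such as mail.ministry.gov.bd in the example) are excluded before any lookalike test runs so that normal traffic does not trip the rule.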

"We found that the group primarily uses RTF (Rich Text Format) documents in its phishing attacks targeting Bangladeshi entities," the alert notes.

Moreover, the alert notes the group's use of server-side polymorphism: the server that delivers the malicious file alters it for every download, so each victim receives a copy with a different hash and traditional signature-based antivirus software cannot match it against previously seen samples.
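The following Python simulation, added here and not taken from the alert or from any real SideWinder sample, shows why that matters for anyone consuming the alert's indicators: a download server that pads each copy of a document with fresh ignorable content produces a new file hash every time, so a hash shared after the first sample never matches again, while a content rule keyed on the part that must stay constant still fires. The document body is a constructed placeholder with the rough shape of an RTF containing an embedded object; no real payload is reproduced.

```python
import hashlib
import re
import secrets

# Constructed placeholder for the stable, malicious part of a lure document.
# It is NOT a real SideWinder payload; it merely has the shape of an RTF
# fragment with an embedded object.
STABLE_CORE = b"{\\object\\objemb{\\*\\objclass Package}{\\*\\objdata 0105000002000000}}"


def serve_variant():
    """Simulate one download from a server-side polymorphic host: the same core
    wrapped in fresh padding inside \\* groups, which RTF readers ignore."""
    pad = b"".join(b"{\\*\\pad" + secrets.token_hex(8).encode() + b"}" for _ in range(3))
    return b"{\\rtf1\\ansi" + pad + STABLE_CORE + b"}"


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# A content rule keyed on the stable core, the way a YARA-style rule would be.
CONTENT_RULE = re.compile(rb"\\objdata\s*0105000002000000")


def hash_rule_matches(sample, known_hashes):
    """Signature-style check: is this exact file already known?"""
    return sha256(sample) in known_hashes


def content_rule_matches(sample):
    """Structural check: does the file contain the constant malicious core?"""
    return CONTENT_RULE.search(sample) is not None


def simulate(downloads=5):
    """Share the hash of the first sample as an IOC, then test later downloads
    against that hash and against the content rule."""
    known = {sha256(serve_variant())}
    later = [serve_variant() for _ in range(downloads)]
    return {
        "distinct_hashes": len(known | {sha256(s) for s in later}),
        "hash_hits": sum(hash_rule_matches(s, known) for s in later),
        "content_hits": sum(content_rule_matches(s) for s in later),
    }


if __name__ == "__main__":
    print(simulate())
```

The practical consequence is that, against a polymorphic delivery server, file hashes published in an alert are the least durable indicator; domains, IP addresses and structural rules on the document content hold up far better.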
