SideWinder APT launches 1,000 attacks over two years

In two years' time, the APT known as SideWinder has attacked as many as 1,000 victims. While the group behind SideWinder has focused on aviation, defense, IT, legal, and military targets in Central Asian countries, it appears to be expanding its geographic reach.

SideWinder uses a number of obfuscation techniques to make analysis of its malware more difficult, including splitting command-and-control (C2) strings between malware components and using multi-layered malware consisting of files encrypted with unique keys. The group serves its malware from more than 400 different URLs, and has been observed using phishing lures that draw on current events such as the conflict in Ukraine.

The Advanced Email Security pack for Acronis Cyber Protect Cloud scans incoming messages and stops phishing attacks, as well as other cyberthreats, from ever reaching users' inboxes, while the solution's URL filtering capabilities block access to known malicious URLs like the ones used by SideWinder to distribute its malware.