SideWinder APT Group aka Rattlesnake

Intel Name: SideWinder APT Group aka Rattlesnake

Date of Scan: October 16, 2024

Impact: Medium

Summary:
The SideWinder APT group (aka Rattlesnake), active since 2012 and publicly identified in 2018, has conducted numerous attacks primarily targeting military and government entities in South and Southeast Asia, including Pakistan, Sri Lanka, China, and Nepal. The group was initially perceived as low-skilled because of its use of public exploits and tools, but its true capabilities emerge upon closer examination of its operations. Recently, it has expanded its focus to high-profile entities and strategic infrastructure in the Middle East and Africa. Notably, a new post-exploitation toolkit named “StealerBot” has been discovered, which is believed to be a key tool for the group's espionage activities.
