SideWinder Adopts ClickOnce-Based Attack Chain Targeting South Asian Diplomats

Timeline

1. 28.10.2025 06:01 1 articles · 13d ago

   SideWinder Targets South Asian Diplomats with New ClickOnce-Based Attack Chain

   From March through September 2025, SideWinder conducted a campaign targeting South Asian diplomats. The attacks used spear-phishing emails with PDF and ClickOnce-based infection chains to deliver malware families such as ModuleInstaller and StealerBot. The campaign targeted embassies and organizations in India, Sri Lanka, Pakistan, and Bangladesh, demonstrating the group's adaptability and sophisticated understanding of geopolitical contexts.

   Show sources

   • SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats — thehackernews.com — 28.10.2025 06:01

   Open in new tab

Information Snippets

• SideWinder targeted South Asian diplomats with a new campaign from March through September 2025.

  First reported: 28.10.2025 06:01
  1 source, 1 article
  Show sources

  • SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats — thehackernews.com — 28.10.2025 06:01

• The campaign used spear-phishing emails with PDF and ClickOnce-based infection chains.

  First reported: 28.10.2025 06:01
  1 source, 1 article
  Show sources

  • SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats — thehackernews.com — 28.10.2025 06:01

• The attacks delivered malware families such as ModuleInstaller and StealerBot.

  First reported: 28.10.2025 06:01
  1 source, 1 article
  Show sources

  • SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats — thehackernews.com — 28.10.2025 06:01

• ModuleInstaller serves as a downloader for next-stage payloads, including StealerBot.

  First reported: 28.10.2025 06:01
  1 source, 1 article
  Show sources

  • SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats — thehackernews.com — 28.10.2025 06:01

• StealerBot is a .NET implant capable of launching a reverse shell, delivering additional malware, and collecting data from compromised hosts.

  First reported: 28.10.2025 06:01
  1 source, 1 article
  Show sources

  • SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats — thehackernews.com — 28.10.2025 06:01

• The attacks targeted embassies and organizations in India, Sri Lanka, Pakistan, and Bangladesh.

  First reported: 28.10.2025 06:01
  1 source, 1 article
  Show sources

  • SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats — thehackernews.com — 28.10.2025 06:01

• The phishing emails used domains mimicking government entities to appear legitimate.

  First reported: 28.10.2025 06:01
  1 source, 1 article
  Show sources

  • SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats — thehackernews.com — 28.10.2025 06:01

• The ClickOnce application used in the attacks is a legitimate executable from MagTek Inc. signed with a valid signature.

  First reported: 28.10.2025 06:01
  1 source, 1 article
  Show sources

  • SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats — thehackernews.com — 28.10.2025 06:01

• The rogue DLL decrypts and launches a .NET loader named ModuleInstaller, which delivers the StealerBot malware.

  First reported: 28.10.2025 06:01
  1 source, 1 article
  Show sources

  • SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats — thehackernews.com — 28.10.2025 06:01