SideWinder's attack on Pakistan's NEPRA

Background

SideWinder is a hacker group widely assessed to be India-linked and state-backed. It is known predominantly for targeting the Pakistani military and other Pakistani organisations to collect intelligence in support of its sponsor's national security interests. It is also known to target other South and East Asian countries and their institutions, such as the Nepali Ministry of Defence and Ministry of Foreign Affairs, the Nepali Army, the Afghanistan National Security Council and the Sri Lankan Defence Ministry.

July 2022

Recently, SideWinder targeted Pakistan’s National Electric Power Regulatory Authority (NEPRA) with a custom backdoor named WarHawk. WarHawk contains several modules and is gated by a “time zone check”: the backdoor only continues execution when the victim host’s time zone is Pakistan Standard Time (UTC+5). This is a cheap execution guardrail that keeps the payload from running on machines outside the intended target set, including analysts’ sandboxes that have not been configured to look like a Pakistani host.
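The following is an added illustration of the time-zone guardrail described above and of the pre-detonation check an analyst would run before sandboxing such a sample; it is example code written for this page, not WarHawk’s code or any vendor’s tooling. It assumes the sample compares the Windows time zone ID string (the StandardName / TimeZoneKeyName that GetTimeZoneInformation and GetDynamicTimeZoneInformation return) against “Pakistan Standard Time”; the offset-based variant is included only to contrast the two styles of check, and the table of time zone IDs and offsets is constructed for the example. The `tzutil /s` command is the built-in Windows way to switch a sandbox VM’s time zone.

```python
"""Model of a time-zone execution guardrail of the kind the page attributes to
WarHawk, plus a pre-detonation check for sandbox analysts.
Added example code, not the malware's code or any vendor's tool."""
from datetime import timedelta
from typing import Optional

# Windows time zone ID the sample is described as keying on.
# Assumption: compared as an exact string against the StandardName /
# TimeZoneKeyName returned by GetTimeZoneInformation /
# GetDynamicTimeZoneInformation.
TARGET_TZ_NAME = "Pakistan Standard Time"
TARGET_UTC_OFFSET = timedelta(hours=5)  # PKT is UTC+05:00, no DST

# Constructed sample of Windows time zone IDs -> UTC offset in minutes.
# Not exhaustive; only here to drive the example offline.
WINDOWS_TZ_OFFSETS = {
    "Pakistan Standard Time": 300,
    "West Asia Standard Time": 300,   # also UTC+5, different name
    "India Standard Time": 330,       # UTC+5:30
    "UTC": 0,
    "Pacific Standard Time": -480,    # standard-time offset, DST ignored
}


def name_gate(tz_name: str) -> bool:
    """Name-based guardrail: proceed only on an exact Windows zone ID match.
    This is the style of check the page describes."""
    return tz_name == TARGET_TZ_NAME


def offset_gate(tz_name: str) -> bool:
    """Offset-based variant, shown for contrast: a sample keyed on the UTC
    offset rather than the name would also fire on any other UTC+5 zone."""
    offset = timedelta(minutes=WINDOWS_TZ_OFFSETS[tz_name])
    return offset == TARGET_UTC_OFFSET


def sandbox_preflight(host_tz_name: str) -> dict:
    """Report whether a sandbox with this time zone would pass each gate and,
    if the name gate fails, the tzutil command that makes the host look like
    the intended target before detonation."""
    passes_name = name_gate(host_tz_name)
    passes_offset = offset_gate(host_tz_name)
    fix: Optional[str] = None if passes_name else f'tzutil /s "{TARGET_TZ_NAME}"'
    return {
        "host_tz": host_tz_name,
        "name_gate": passes_name,
        "offset_gate": passes_offset,
        "fix": fix,
    }


if __name__ == "__main__":
    for tz in WINDOWS_TZ_OFFSETS:
        print(sandbox_preflight(tz))
```

The practical point for detonation: a default sandbox image (usually UTC or US Pacific) never reaches WarHawk’s payload stage, so the analyst sets the VM to Pakistan Standard Time first. The name-versus-offset contrast matters because a host set to West Asia Standard Time is also UTC+5 yet fails a name-based check, so matching the offset alone is not enough.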

Attack

At the time of writing it is not known how much data SideWinder obtained from NEPRA, or of what kind. Researchers warned Pakistani organisations, especially critical entities like NEPRA, to be alert to similar attacks, and recommended that they evaluate and strengthen their security controls, since SideWinder’s TTPs will keep evolving for future cyber-espionage campaigns.

Conclusion

Pakistan needs to raise its defensive and offensive capabilities to an adequate level against the potential hybrid warfare in the region.

Sources

ZSCALER

TheHackerNews

iZOOlogic

that’s it ✌🏽