The SideWinder APT group (also known as RagaSerpent), suspected to be India-linked and active since 2012, has expanded its cyber-espionage operations into Southeast Asia, specifically Indonesia and Thailand. The group relies on spear-phishing, exploitation of long-patched Microsoft Office vulnerabilities, DLL hijacking, and staged payload delivery. A notable tactic is dynamically deriving C2 server addresses at runtime, allowing rapid infrastructure rotation without rebuilding malware. Targets include government institutions, telecom networks, and critical infrastructure, with researchers warning of long-term pre-positioned threats spanning 5-10 year strategic horizons. Defenders are advised to move beyond IoC-based detection toward blocking TTPs.

From darkreading.com