SideWinder APT — also referred to as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, or T-APT-04 — has been operational since at least 2012 and is believed to serve the strategic interests of the Indian state. Recently, the group has broadened its scope of operations to encompass the Middle East, Africa, and Southeast Asia. SideWinder primarily targets military, governmental, telecommunications, and critical infrastructure entities across these regions.

The group employs spear-phishing emails as its initial attack vector, subsequently executing sophisticated multi-stage attacks that exploit well-documented vulnerabilities, such as CVE-2017-11882. In its latest campaign, SideWinder has unveiled a new variant of “StealerBot,” an advanced cyberespionage tool meticulously designed for data exfiltration, system compromise, and the facilitation of further malicious activities. This evolution in their toolkit underscores their growing capabilities and intent, marking them as a formidable threat in the cyber domain.