Sidewinder
Description
Sidewinder (also known as APT-C-17, Baby Elephant, Hardcore Nationalist, Leafperforator, Rattlesnake, Razor Tiger, SHROUDED#OOZE, and T-APT-04) is a suspected Indian cyber-espionage group active since at least 2012. Primarily focused on government, military, and defense targets in Pakistan, China, Nepal, and other South Asian countries, the group has significantly expanded its operations in recent years to include maritime, logistics, nuclear, financial, and critical infrastructure entities across South and Southeast Asia, the Middle East, and Africa. It conducts high-volume spear-phishing campaigns, frequently using Microsoft Office exploits, malicious scripts, and custom toolkits like StealerBot and Backdoor Loader for credential theft, persistent access, and data exfiltration.
Aliases
- Hardcore Nationalist
- Leafperforator
- Rattlesnake
- Razor Tiger
- T-APT-04
- Baby Elephant
- APT-C-17
- SHROUDED#OOZE
Common Vulnerabilities and Exposures
Targeted Industries
- Aviation
- Defense
- Education
- Financial
- Government
- Hospitality
- IT Services
- Logistics
- Maritime
- Military
- Nuclear Energy
- Oil & Gas
- Real Estate
- Telecommunications
Objectives
Espionage and Intel
Known Tools Used
- ADModule
- Backdoor Loader
- BroStealer
- callCam
- Chisel
- ChromePasswordRecovery
- Cobalt Strike
- Koadic
- ModuleInstaller
- Rafel RAT
- RemotePotato0
- StealerBot
- Telegram
- USBStealer
- WarHawk
Known Infection Vectors
- Android Exploits
- Credential Harvesting Pages
- Malicious LNK Files
- Remote Template Injection
- Spear-Phishing Attachments
- Spear-Phishing Links
- ZIP Archives
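The Remote Template Injection vector listed above works through the attachedTemplate relationship in a Word document: word/settings.xml points at a template by relationship id, and word/_rels/settings.xml.rels supplies the target; when that target is marked External and is a URL, Word fetches it on open, and a fetched .dotm can carry macros. The following detector is an added example written for this page, not code from the original page or from the group's tooling. It parses that relationship part and flags network-resolvable targets; it also goes slightly beyond the page by treating UNC and file:// targets as hits, since those trigger an SMB fetch and leak NTLM credentials. The function names and the minimal .docx it builds are constructed for the example.

```python
# Added example (not from the original page): detect the "Remote Template Injection"
# vector by inspecting a Word document's attachedTemplate relationship.
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate"
)
SETTINGS_RELS = "word/_rels/settings.xml.rels"
# Targets that make Word fetch the template from another host. UNC paths and
# file:// additionally leak NTLM credentials to the named server.
REMOTE_PREFIXES = ("http://", "https://", "file://", "\\\\", "//")


def find_attached_templates(docx_bytes):
    """Return (target, is_external) for every attachedTemplate relationship.

    Word resolves <w:attachedTemplate r:id=.../> in word/settings.xml through
    this .rels part when the document is opened.
    """
    results = []
    if not zipfile.is_zipfile(io.BytesIO(docx_bytes)):
        return results  # not an OOXML package (legacy .doc, RTF, truncated file)
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        if SETTINGS_RELS not in pkg.namelist():
            return results
        try:
            root = ET.fromstring(pkg.read(SETTINGS_RELS))
        except ET.ParseError:
            return results  # malformed rels part: worth manual triage, not a hit here
    for rel in root.iter(f"{{{REL_NS}}}Relationship"):
        if rel.get("Type") == ATTACHED_TEMPLATE:
            results.append((rel.get("Target", ""), rel.get("TargetMode") == "External"))
    return results


def remote_template_targets(docx_bytes):
    """Return only the targets that would cause a network fetch on open."""
    return [
        target
        for target, external in find_attached_templates(docx_bytes)
        if external and target.lower().startswith(REMOTE_PREFIXES)
    ]


def build_sample_docx(template_target, external=True):
    """Construct a minimal .docx (constructed test data, not a real lure) whose
    settings part references `template_target` as its attached template."""
    mode = ' TargetMode="External"' if external else ""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Relationships xmlns="{REL_NS}">'
        f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
        f'Target="{template_target}"{mode}/></Relationships>'
    )
    settings = (
        '<w:settings xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" '
        'xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">'
        '<w:attachedTemplate r:id="rId1"/></w:settings>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        pkg.writestr("[Content_Types].xml",
                     '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        pkg.writestr("word/document.xml",
                     '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"><w:body/></w:document>')
        pkg.writestr("word/settings.xml", settings)
        pkg.writestr(SETTINGS_RELS, rels)
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    # Usage: python detect_remote_template.py lure1.docx lure2.dotx ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            hits = remote_template_targets(fh.read())
        print(f"{path}: {'REMOTE TEMPLATE ' + ', '.join(hits) if hits else 'no remote template'}")
```

A local template reference (TargetMode absent, a plain file name such as Normal.dotm) is normal and is not reported; only an External relationship whose target resolves over the network is. Pair this with the ZIP Archives and Spear-Phishing Attachments vectors above by running it over every Office document extracted from an inbound archive, and triage any file whose settings.xml.rels fails to parse.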