In September 2025, a European embassy in New Delhi and multiple organizations across Sri Lanka, Pakistan, and Bangladesh were targeted by a campaign attributed to the threat actor SideWinder. The incident marks a notable evolution in SideWinder's tactics, techniques, and procedures (TTPs), in particular a new infection chain that combines PDF lures with ClickOnce, Microsoft's .NET application deployment technology.
The shift in delivery method suggests that SideWinder is adapting to evade detection and to make its campaigns more reliable. ClickOnce can install and launch a .NET application directly from a URL referenced in a deployment manifest, so pairing it with a PDF lure gives the actor a way to move from a document the victim expects to open to payload execution without relying on macros or other heavily monitored document features. Organizations in the targeted regions should treat ClickOnce launches that originate from a document reader as suspicious and review whether ClickOnce deployment from untrusted locations is needed at all.
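The article does not describe the chain in enough detail to reproduce it, but the lure-to-ClickOnce sequence it names does leave a recognizable process-ancestry pattern on Windows. The following is an added example, not code from the article or from any analysis of the SideWinder samples: a small heuristic that scans constructed Sysmon-style process-creation events and flags ClickOnce launch artefacts (the `dfsvc.exe` host, the `dfshim.dll,ShOpenVerbApplication` rundll32 verb, or a `.application` manifest on the command line) whose ancestry includes a PDF reader. The reader process names, the event format, and the sample events (including the `example.invalid` URL) are assumptions made for the example, not details from the page.

```python
"""Heuristic detection of a PDF-reader -> ClickOnce launch chain.

Added example, not from the original article. Assumptions not on the page:
events are Sysmon-like process-creation records with pid/ppid, image and
command line; the PDF reader names are the common Windows readers; the
sample events below are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Standard ClickOnce launch artefacts on Windows (not specific to this campaign).
CLICKONCE_HOSTS = {"dfsvc.exe"}
CLICKONCE_SHIM_VERB = "dfshim.dll,shopenverbapplication"
MANIFEST_EXT = ".application"

# PDF readers assumed for the example; extend for your environment.
PDF_READERS = {"acrord32.exe", "acrobat.exe", "foxitreader.exe"}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str
    cmdline: str


def _basename(path: str) -> str:
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def is_clickonce_launch(ev: ProcEvent) -> bool:
    """True if the event is a ClickOnce host, the ClickOnce rundll32 verb,
    or a command line that references a .application deployment manifest."""
    if _basename(ev.image) in CLICKONCE_HOSTS:
        return True
    cl = ev.cmdline.lower()
    if CLICKONCE_SHIM_VERB in cl:
        return True
    tokens = [t.strip('"') for t in cl.split()]
    return any(t.endswith(MANIFEST_EXT) for t in tokens)


def ancestry(ev: ProcEvent, by_pid: Dict[int, ProcEvent], max_depth: int = 8) -> List[ProcEvent]:
    """Walk parent links from ev upward; stops at unknown pids or loops."""
    chain: List[ProcEvent] = []
    seen = set()
    cur: Optional[ProcEvent] = ev
    while cur is not None and cur.pid not in seen and len(chain) < max_depth:
        seen.add(cur.pid)
        chain.append(cur)
        cur = by_pid.get(cur.ppid)
    return chain


def detect_pdf_clickonce_chain(events: List[ProcEvent]) -> List[ProcEvent]:
    """Return ClickOnce launch events that have a PDF reader as an ancestor."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for ev in events:
        if not is_clickonce_launch(ev):
            continue
        parents = ancestry(ev, by_pid)[1:]  # exclude the event itself
        if any(_basename(p.image) in PDF_READERS for p in parents):
            hits.append(ev)
    return hits


# Constructed sample events (not real telemetry). pid 400 is a ClickOnce app
# started from Explorer, i.e. a normal corporate deployment, and must not fire.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(200, 100, r"C:\Program Files\Adobe\Acrobat Reader\AcroRd32.exe",
              r'"AcroRd32.exe" C:\Users\u\Downloads\invitation.pdf'),
    ProcEvent(300, 200, r"C:\Windows\System32\rundll32.exe",
              "rundll32.exe dfshim.dll,ShOpenVerbApplication "
              "http://example.invalid/update/app.application"),
    ProcEvent(310, 300, r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe",
              '"dfsvc.exe"'),
    ProcEvent(400, 100, r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe",
              '"dfsvc.exe"'),
]


if __name__ == "__main__":
    for hit in detect_pdf_clickonce_chain(SAMPLE_EVENTS):
        print(f"ALERT pid={hit.pid} image={_basename(hit.image)} cmd={hit.cmdline}")
```

Running the block flags pids 300 and 310 (the rundll32 ClickOnce verb and the dfsvc.exe host spawned beneath the PDF reader) and stays silent on pid 400, whose ancestry is Explorer only. The ancestry walk is what keeps the rule usable: a plain "dfsvc.exe started" rule would alert on every legitimate ClickOnce deployment in the estate.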
Read the original: The Hacker News