Kaspersky’s Global Research and Analysis Team (GReAT) has revealed significant developments in the activities of SideWinder, a prominent Advanced Persistent Threat (APT) group linked to India. The group, active since 2012 and also known as T-APT-04 or ‘RattleSnake,’ is now extending its cyber espionage operations into the Middle East, Africa, and Pakistan with a newly discovered surveillance toolkit named ‘StealerBot.’
Historically, SideWinder has focused its efforts on military and government targets in South and Southeast Asia, including Pakistan, Sri Lanka, China, and Nepal. However, Kaspersky’s latest findings indicate a strategic expansion into critical infrastructure and high-ranking organizations across multiple regions, with the potential for further growth.
The newly identified StealerBot is a sophisticated espionage tool designed with a modular architecture for intelligence-gathering. Its capabilities include deploying additional malware, capturing screen images, recording keystrokes, harvesting browser-stored passwords, and intercepting Remote Desktop Protocol (RDP) credentials. The toolkit also features file exfiltration capabilities, among other malicious functions.
Giampaolo Dedola, the lead security researcher at Kaspersky’s GReAT, described StealerBot as a stealthy espionage tool that operates through a modular structure. Each component is designed to perform a specific function, and these modules are loaded directly into the system’s memory, avoiding detection by not appearing as files on the hard drive.
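The detection angle that follows from the paragraph above is that a module which exists only in memory still has to live in an executable region of some process, and that region is not backed by a file on disk. The snippet below is an added example written for this page, not Kaspersky's tooling or anything taken from the StealerBot research; it flags executable memory regions with no file backing (or whose backing file has been deleted) in a constructed, Linux `/proc/<pid>/maps`-style listing. The format, the sample lines, and the process they pretend to describe are all assumptions made for a runnable, offline demonstration; the same check applies to a Windows process's memory regions via the equivalent region enumeration, which this example does not implement.

```python
"""Added example: triage executable memory regions that have no file on disk,
the kind of artefact an in-memory-only module loader leaves behind.
The input format mimics Linux /proc/<pid>/maps; the sample is constructed."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Region:
    start: int
    end: int
    perms: str  # e.g. "r-xp"; "x" means executable, "w" means writable
    path: str   # "" for anonymous mappings


# Constructed sample (hypothetical process): two file-backed code regions,
# one anonymous RWX region, one executable memfd mapping whose file is gone.
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:01 1234   /usr/bin/agent
00651000-00652000 rw-p 00051000 08:01 1234   /usr/bin/agent
01f3c000-01f5d000 rw-p 00000000 00:00 0      [heap]
7f3a10000000-7f3a10021000 rwxp 00000000 00:00 0
7f3a10200000-7f3a10380000 r-xp 00000000 08:01 5678   /usr/lib/x86_64-linux-gnu/libc.so.6
7f3a10400000-7f3a10410000 r-xp 00000000 00:00 0      /memfd:stage2 (deleted)
7ffd5e7a0000-7ffd5e7c1000 rw-p 00000000 00:00 0      [stack]
7ffd5e7f0000-7ffd5e7f2000 r-xp 00000000 00:00 0      [vdso]
"""

# Kernel-provided pseudo mappings that are executable by design and never file-backed.
KERNEL_PSEUDO = ("[vdso]", "[vsyscall]")


def parse_maps(text: str) -> List[Region]:
    """Parse /proc/<pid>/maps lines: 'start-end perms offset dev inode [path]'."""
    regions = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split(None, 5)  # path (6th field) may contain spaces
        start, end = (int(x, 16) for x in parts[0].split("-"))
        path = parts[5].strip() if len(parts) == 6 else ""
        regions.append(Region(start, end, parts[1], path))
    return regions


def suspicious_regions(regions: List[Region], min_size: int = 4096) -> List[Tuple[Region, str]]:
    """Return (region, reason) for executable regions with no file on disk.

    Anonymous executable memory (especially RWX) and executable mappings of a
    deleted or memfd-backed file are what an in-memory loader typically
    produces. JIT runtimes also create such regions, so treat hits as
    triage candidates to dump and inspect, not as a verdict on their own.
    """
    hits = []
    for r in regions:
        if "x" not in r.perms or (r.end - r.start) < min_size:
            continue
        if r.path in KERNEL_PSEUDO:
            continue
        if r.path == "" or r.path.startswith("["):
            kind = "rwx" if "w" in r.perms else "r-x"
            hits.append((r, f"anonymous executable region ({kind})"))
        elif r.path.endswith("(deleted)") or r.path.startswith("/memfd:"):
            hits.append((r, "executable mapping backed by a deleted or memory-only file"))
    return hits


def scan(text: str) -> List[Tuple[Region, str]]:
    """Convenience wrapper: parse a maps listing and return the triage hits."""
    return suspicious_regions(parse_maps(text))


if __name__ == "__main__":
    for region, reason in scan(SAMPLE_MAPS):
        size_kib = (region.end - region.start) // 1024
        print(f"{region.start:#x}-{region.end:#x} {region.perms} {size_kib:6d} KiB  {reason}")
```

Running it against the constructed sample reports the anonymous RWX region and the deleted memfd mapping while leaving the file-backed code of the binary and libc, and the kernel's `[vdso]`, alone. On a real host the hits are the regions to dump for further analysis (strings, PE/ELF headers, module names); the heuristic alone does not identify the malware family.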