APT Sidewinder Mimics Government and Military Agencies to Steal Login Credentials


By Kaaviya

Cybersecurity researchers have uncovered an extensive phishing campaign orchestrated by APT Sidewinder, a persistent threat actor believed to originate from South Asia. The campaign targets government and military institutions across Bangladesh, Nepal, and Turkey through sophisticated credential harvesting operations that exploit trusted platforms and convincingly replicate official login portals.

Coordinated Infrastructure Exploits Trust

The investigation, initiated by security researchers following reports of attacks on Nepal’s Ministry of Defense, revealed a complex network of malicious infrastructure designed to impersonate critical government services.

Figure: Phishing attack shared by Demon, showing the login page for “Government of Nepal”.

APT Sidewinder has been systematically creating fake login pages that mimic official Zimbra email systems and secure file-sharing portals used by defense agencies, including Bangladesh’s Directorate General of Defence Procurement (DGDP), the Bangladesh Air Force (BAF), and Turkey’s prominent defense contractors ASELSAN and ROKETSAN.

The threat actors have demonstrated remarkable attention to detail ...


Copyright of this story solely belongs to gbhackers.