Rattlesnake

Threat Actor Profile (updated a month ago)
Rattlesnake, also known as Sidewinder and by several other aliases, is a threat actor group attributed with numerous cyberattacks around the globe. Group-IB linked the group to a 2020 attack on the Maldivian government and to a series of phishing operations against organizations in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka between June and November 2021. The group's evolving tactics pose a significant risk to regional cybersecurity; its activity continued into 2024, when it used Hajj-related emails to target users in Asia and Africa. In late 2023, Rattlesnake targeted Pakistan government entities in a campaign that used server-based polymorphism to deliver its next-stage backdoor. This technique was highlighted in a report by The Hacker News, which also noted that the group shifted its focus to Turkey starting from March 2024. The campaign demonstrates the group's ability to adapt and to apply advanced techniques in pursuit of its objectives, further underscoring the threat it poses. The Cyble Research Team has discovered new malware variants attributed to Rattlesnake, a sign that the group's activity is persistent. Its continual adoption of new attack methods underscores the importance of robust vulnerability management and threat intelligence in countering it. The group's long list of aliases, including Hardcore Nationalist, HN2, APT Q4, RAZOR Tiger, APT Q39, BabyElephant, and GroupA21, reflects the complexity and global reach of this threat actor.
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Sidewinder | 4 | The Sidewinder threat actor group, also known as Rattlesnake, BabyElephant, APT Q4, APT Q39, Hardcore Nationalist, HN2, RAZOR Tiger, and GroupA21, is a significant cybersecurity concern with a history of malicious activities dating back to 2012. This report investigates a recent campaign by Sidewind
T-Apt4 | 2 | None
Razor Tiger | 1 | None
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
State Sponso...
Malware
Payload
Phishing
Vulnerability
Backdoor
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Snake | Unspecified | 1 | Snake, also known as EKANS, is a significant threat actor that has been active since at least 2004, with its activities potentially dating back to the late 1990s. This group, which may have ties to Iran, targets diplomatic and government organizations as well as private businesses across various reg
T-APT-04 | Unspecified | 1 | T-APT-04 is a sophisticated and highly skilled threat actor that has been active since at least 2017. This group is believed to be based in China and is known for their advanced cyber espionage campaigns targeting government agencies, military organizations, and political entities in various regions
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Rattlesnake threat actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
DARKReading | a month ago | Governments, Businesses Tighten Cybersecurity Around Hajj Season
CERT-EU | 7 months ago | From Macro to Payload: Decrypting the Sidewinder Cyber Intrusion Tactics - CYFIRMA
MITRE | a year ago | SideWinder APT Targets with futuristic Tactics and Techniques
InfoSecurity-magazine | a year ago | SideWinder APT Attacks Regional Targets in New Campaign
DARKReading | a year ago | SideWinder APT Spotted Stealing Crypto
CERT-EU | a year ago | Novel AndoryuBot DDoS botnet leverages Ruckus RCE bug
CERT-EU | a year ago | Server-based polymorphism leveraged in new SideWinder APT attacks