Rattlesnake

Threat Actor updated a month ago (2024-08-14T09:17:39.569Z)
Rattlesnake, also known as Sidewinder, BabyElephant, APT Q4, APT Q39, Hardcore Nationalist, HN2, RAZOR Tiger, and GroupA21, is a threat actor that has been linked to a series of malicious cyber activities. According to a report published by Group-IB, this group was behind the 2020 attack on the Maldivian government and an undisclosed series of phishing operations targeting organizations in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka between June and November 2021. The group's persistent and evolving tactics present a significant risk to regional cybersecurity. In more recent activities, from January to May 2024, the India-linked threat group used Hajj-related emails to target users in Asia and Africa, as reported by Kaspersky. The group frequently employs spear-phishing attacks using images of official-looking documents. Cyble Research Team discovered new malware variants associated with the SideWinder (aka Rattlesnake or T-APT-04) APT threat group, further demonstrating their continuous evolution in cyber offensive capabilities. The suspected state-sponsored group has also been identified as utilizing server-based polymorphism to facilitate next-stage backdoor delivery in a cyberattack campaign. Initially, these attacks targeted Pakistan government entities in late November before shifting focus to Turkey beginning in March, as reported by The Hacker News. This advanced technique allows the group to evade detection and enhance the effectiveness of their attacks, underlining the need for robust vulnerability management and threat intelligence to counter such sophisticated threats.
Description last updated: 2024-08-14T08:39:02.585Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names / profiles you may also want to look at.

ID          Votes  Profile Description
Sidewinder  4      Sidewinder is a threat actor group that has been active since at least 2012, with possible origins in South Asia. The group has a history of malicious activities and has been linked to a variety of cyber threats, including the use of the Nim backdoor payload. Sidewinder has targeted entities in mult
T-Apt4      2      None
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Analyst Notes & Discussion
Source Document References
Information about the Rattlesnake Threat Actor was taken from the documents listed below. This display is limited to 20 results.

Source                  Created       Title
DARKReading             a month ago   India-Linked SideWinder Group Pivots to Hacking Maritime Targets
DARKReading             3 months ago  Governments, Businesses Tighten Cybersecurity Around Hajj Season
CERT-EU                 9 months ago  From Macro to Payload: Decrypting the Sidewinder Cyber Intrusion Tactics - CYFIRMA
MITRE                   2 years ago   SideWinder APT Targets with futuristic Tactics and Techniques
InfoSecurity-magazine   2 years ago   SideWinder APT Attacks Regional Targets in New Campaign
DARKReading             2 years ago   SideWinder APT Spotted Stealing Crypto
CERT-EU                 a year ago    Novel AndoryuBot DDoS botnet leverages Ruckus RCE bug
CERT-EU                 a year ago    Server-based polymorphism leveraged in new SideWinder APT attacks