Rattlesnake

Threat Actor updated a month ago (2024-11-29T13:58:34.474Z)
The threat actor Rattlesnake, also known as Sidewinder, BabyElephant, APT Q4, APT Q39, Hardcore Nationalist, HN2, RAZOR Tiger, and GroupA21, is a prolific Advanced Persistent Threat (APT) group that has been active since 2012 and was first publicly identified in 2018. It has launched numerous attacks against high-profile entities across South and Southeast Asia. The group's persistent and evolving tactics pose a significant risk to regional cybersecurity; it often relies on spear-phishing lures that use images of official-looking documents.

Rattlesnake has been linked to several notable cyberattacks. A report published by Group-IB attributed a malicious document and a Nim backdoor payload to Rattlesnake, linking it to a 2020 attack on the Maldivian government and to a series of previously unknown phishing operations targeting organizations in Afghanistan, Bhutan, Myanmar, Nepal, and Sri Lanka between June and November 2021.

From January to May 2024, the group used Hajj-related emails to target users in Asia and Africa, demonstrating its ability to adapt lures to current events and cultural contexts.

In recent developments, the Cyble Research Team discovered new malware variants associated with Rattlesnake. Additionally, between late November and March, the group used server-based polymorphism to deliver its next-stage backdoor in a campaign that initially targeted Pakistani government entities before shifting focus to Turkey. With this technique the delivery server generates a unique copy of the malware for each new victim, so a file hash collected from one infection does not match the sample handed to the next, and hash- and signature-based detection is evaded. This further highlights the sophistication and potential danger posed by Rattlesnake.
Description last updated: 2024-10-15T13:15:38.309Z
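As an added illustration of the server-based polymorphism described above (a constructed example, not code from this page, from Rattlesnake, or from any vendor report): a toy delivery function returns a unique byte string on every request while keeping the functional core unchanged, and two detection approaches are scored against the result. The payload contents, the `c2.example.invalid` host name and the victim ids are all made-up placeholders.

```python
"""Added example: why server-side polymorphism defeats file-hash indicators.

Constructed toy, not code from the page or from any vendor report. A
"delivery server" is simulated by a function that returns a different
byte string on every request while keeping the functional core unchanged.
All payload contents, host names and victim ids are made-up stand-ins.
"""
import hashlib
import random
import re

# Invariant core the stager must keep to work: the request it makes for
# the next stage. Constructed placeholder, not a real malware artefact.
CORE_REQUEST_LINE = b"GET /stage2 HTTP/1.1\r\n"
CORE_HOST_HEADER = b"Host: c2.example.invalid\r\n\r\n"


def polymorphic_payload(victim_id: str, rng: random.Random) -> bytes:
    """Simulate server-side polymorphism: a fresh, unique blob per request.

    Random junk is placed before and after the core, and a variable header
    is inserted between the two invariant lines, so no two victims receive
    byte-identical files even though every copy does the same thing.
    """
    junk_before = rng.randbytes(rng.randint(8, 64))
    junk_after = rng.randbytes(rng.randint(8, 64))
    # Per-victim tag inside the request, so even the core region differs.
    tag = f"X-Trace: {victim_id}-{rng.getrandbits(64):016x}\r\n".encode()
    return junk_before + CORE_REQUEST_LINE + tag + CORE_HOST_HEADER + junk_after


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Structural rule: the invariant request line, any number of variable
# headers, then the invariant Host header. A rule keyed on what the
# payload must do survives per-victim regeneration; a hash does not.
STRUCTURAL_RULE = re.compile(
    rb"GET /stage2 HTTP/1\.1\r\n(?:[^\r\n]+\r\n)*Host: c2\.example\.invalid\r\n",
)


def structural_rule_matches(sample: bytes) -> bool:
    return STRUCTURAL_RULE.search(sample) is not None


def simulate(num_victims: int, seed: int = 1) -> dict:
    """Deliver one payload per victim and score two detection approaches.

    The hash IOC set is seeded only with the first victim's sample, which
    is how a hash indicator is usually obtained: from the one infection
    an analyst got to look at.
    """
    rng = random.Random(seed)
    samples = [polymorphic_payload(f"victim{i}", rng) for i in range(num_victims)]
    hashes = [sha256_hex(s) for s in samples]
    ioc_hashes = {hashes[0]}

    return {
        "unique_hashes": len(set(hashes)),
        "hash_ioc_hits": sum(h in ioc_hashes for h in hashes),
        "structural_rule_hits": sum(structural_rule_matches(s) for s in samples),
    }


if __name__ == "__main__":
    print(simulate(5))
```

With five simulated victims every delivered file has a distinct SHA-256, the hash indicator matches only the sample it was taken from, and the structural rule matches all five. For defenders tracking a campaign that uses this technique, the practical consequence is to weight behavioural and structural detections (request patterns, infrastructure, loader behaviour) over per-file hashes shared as indicators.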
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
Alias (votes): description

Sidewinder (5 votes): possible alias for Rattlesnake. Sidewinder, a threat actor with a history of malicious activities dating back to 2012, has been linked to a series of sophisticated cyber threats targeting maritime facilities in multiple countries and government officials in Nepal. The group, believed to have South Asian origins, is known for its u

T-APT-04 (2 votes): possible alias for Rattlesnake.

T-Apt4 (2 votes): possible alias for Rattlesnake.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Apt
Source Document References
Information about the Rattlesnake threat actor was read from the documents corpus below.