Report reveals spy group targets high-profile entities and strategic infrastructures in Africa 

October 17, 2024
  • The Kaspersky Global Research and Analysis Team (GReAT) has detected that the SideWinder APT group, known for its cyber espionage activities, is expanding its attack operations into Africa, using a previously unknown espionage toolkit called ‘StealerBot’.
  • According to the study, the SideWinder APT group's recent campaigns targeted high-profile entities and strategic infrastructures in many African countries, including Morocco and Djibouti. The campaign in general remains active and may target other victims.
  • Kaspersky also discovered that StealerBot is engaging in several malicious activities, including installing additional malware, capturing screenshots, logging keystrokes, stealing browser passwords, intercepting RDP (Remote Desktop Protocol) credentials, and exfiltrating files, among others. 

Giampaolo Dedola, lead security researcher at Kaspersky's GReAT, stated that StealerBot is a stealthy spying tool that allows attackers to spy on systems without being noticed. It uses a modular structure, with each component designed to perform a specific function. 

“These modules never appear as files on the system’s hard drive, making them difficult to trace. Instead, they are loaded directly into the memory. At the core of StealerBot is the ‘Orchestrator’, which oversees the entire operation, communicating with the threat actor’s command-and-control server, and coordinating the execution of its various modules,” he added. 

SideWinder, also known as T-APT-04 or RattleSnake, is reportedly one of the most active APT groups, having begun operations in 2012. Before Kaspersky discovered these recent waves of attacks, which have spread to high-profile entities and strategic infrastructure in Africa, the group primarily targeted military and government entities in Pakistan, Sri Lanka, China, and Nepal, as well as other sectors in South and Southeast Asia. 


Kaspersky experts recommend that organisations provide their security teams with up-to-date insights and technical details to combat APT-related threats. Meanwhile, cyber attackers are reportedly targeting critical infrastructure in Africa and experimenting with artificial intelligence as a toolkit. 


According to recent data, Africa experienced the highest average weekly cyberattacks per organisation in Q2 2024, with an average of 2,960 attacks, marking a 37% increase compared to the same period in 2023. The global average was 1,636 attacks per organisation per week, up 30% compared to the year before. 

In recent times, Ghana, South Africa, Lesotho, Kenya, and Morocco, among others, have all experienced cyber threats. Morocco reportedly ranked 15th among countries most vulnerable to cyber threats in 2023. The country faced 52 million cyberattacks in the same year. 


 Techpremier Media Limited. All rights reserved