A recent report from Kaspersky’s Global Research and Analysis Team (GReAT) has unveiled alarming trends in cyber espionage, highlighting the SideWinder APT group’s expansion into Africa. This notorious group, which has been active since 2012, is now utilizing a newly identified toolkit called ‘StealerBot’ to execute its operations against high-profile organizations and critical infrastructures across the continent.
The report indicates that SideWinder’s recent campaigns have targeted significant entities in several African nations, including Morocco and Djibouti, with ongoing activities suggesting potential threats to additional victims. Kaspersky’s findings reveal that StealerBot engages in a range of malicious functions, from installing secondary malware to capturing keystrokes and stealing sensitive information such as browser passwords and RDP credentials.
Giampaolo Dedola, lead security researcher at Kaspersky, emphasized the stealthy nature of StealerBot, noting its modular design allows it to operate discreetly without leaving traces on a system’s hard drive. Instead, its components are loaded directly into memory, making detection particularly challenging. Central to its operations is the ‘Orchestrator,’ which manages communication with command-and-control servers and coordinates the various modules.
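The detection difficulty described above comes from the loading model: a module that is written straight into process memory has no file on disk, so the executable memory it occupies is not backed by a DLL or shared object. One defender-side check that follows from this is to walk a process's memory map and flag executable regions with no file behind them. The script below is an added illustration of that check, not code from the Kaspersky report or from any SideWinder tooling; it parses Linux `/proc/<pid>/maps` text (the sample map lines are constructed for the example, and the paths in them are made up), whereas StealerBot runs on Windows, where the equivalent is to enumerate regions with `VirtualQueryEx` and look for `MEM_PRIVATE` pages carrying an execute protection.

```python
"""
Flag executable memory regions that have no file backing them.

In-memory loaded modules leave no file on disk, so their code lives in
anonymous, memfd-backed or deleted-file mappings rather than in a mapping
backed by a library on disk. This is a Linux /proc/<pid>/maps illustration
of the principle; it is not tied to any specific malware family.
"""
import os
import re
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One /proc/<pid>/maps line: start-end perms offset dev inode [path]
MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxsp-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

# Kernel pseudo-mappings that are executable by design and not worth flagging.
BENIGN_PSEUDO = {"[vdso]", "[vsyscall]"}


@dataclass
class Region:
    start: int
    end: int
    perms: str
    path: str

    @property
    def size(self) -> int:
        return self.end - self.start


def parse_maps(text: str) -> List[Region]:
    """Parse the text of a /proc/<pid>/maps file into Region objects."""
    regions = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if not m:  # skip blank or malformed lines rather than failing the scan
            continue
        regions.append(
            Region(int(m["start"], 16), int(m["end"], 16), m["perms"], m["path"].strip())
        )
    return regions


def anomaly_reason(r: Region) -> Optional[str]:
    """Return why an executable region looks like injected code, or None."""
    if "x" not in r.perms:
        return None
    if r.path in BENIGN_PSEUDO:
        return None
    if "w" in r.perms:
        # Writable and executable at once: typical of a loader that writes
        # code into memory and then jumps to it.
        return "writable and executable"
    if not r.path or r.path.startswith("["):
        return "executable mapping with no file backing"
    if r.path.startswith("/memfd:") or r.path.endswith("(deleted)"):
        return "executable mapping backed by memfd or a deleted file"
    return None


def suspicious_regions(regions: List[Region]) -> List[Tuple[Region, str]]:
    """Filter a region list down to (region, reason) pairs worth a closer look."""
    hits = []
    for r in regions:
        reason = anomaly_reason(r)
        if reason:
            hits.append((r, reason))
    return hits


def scan_pid(pid: int) -> List[Tuple[Region, str]]:
    """Read a live process map (Linux only) and return its suspicious regions."""
    with open(f"/proc/{pid}/maps", "r", encoding="utf-8") as fh:
        return suspicious_regions(parse_maps(fh.read()))


# Constructed sample map: two on-disk libraries, one RWX anonymous region,
# one executable memfd-backed region, plus the usual vdso and stack entries.
SAMPLE_MAPS = """\
55a1b2c00000-55a1b2c1a000 r-xp 00000000 fd:01 1310720 /usr/bin/agent
7f3c2e400000-7f3c2e5b0000 r-xp 00000000 fd:01 2100 /usr/lib/x86_64-linux-gnu/libc.so.6
7f3c2e600000-7f3c2e610000 rwxp 00000000 00:00 0
7f3c2e700000-7f3c2e720000 r-xp 00000000 00:05 4242 /memfd:loader (deleted)
7f3c2e800000-7f3c2e801000 r-xp 00000000 00:00 0 [vdso]
7ffd1a200000-7ffd1a221000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    target = int(sys.argv[1]) if len(sys.argv) > 1 else None
    hits = scan_pid(target) if target else suspicious_regions(parse_maps(SAMPLE_MAPS))
    for region, reason in hits:
        print(f"{region.start:#x}-{region.end:#x} {region.perms} "
              f"{region.size:>8} bytes  {reason}  {region.path}")
```

Run without arguments to see the two constructed hits (the RWX anonymous region and the memfd-backed one); pass a PID to scan a live Linux process. JIT runtimes (browsers, JVMs, .NET) legitimately create anonymous executable memory, so in production this check is a triage signal to combine with parent-process and network context rather than an alert on its own.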
Previously, SideWinder primarily focused on military and government targets in South and Southeast Asia, including countries like Pakistan and China. However, this new wave of attacks marks a significant shift in their strategy, extending their reach to Africa.
Kaspersky experts urge organizations to enhance their cybersecurity measures by staying informed on the latest threats and technical details to counteract APT-related risks. The urgency is underscored by recent data showing that Africa recorded the highest average of weekly cyberattacks per organization in Q2 2024, with a staggering 2,960 attacks—up 37% from the previous year. In contrast, the global average stood at 1,636 attacks per organization per week, reflecting a 30% increase.
Countries like Ghana, South Africa, Lesotho, Kenya, and Morocco have faced significant cyber threats; Morocco ranked 15th in vulnerability to cyberattacks in 2023, experiencing 52 million attacks that year. As attackers increasingly target critical infrastructure and experiment with artificial intelligence, the need for robust cybersecurity strategies has never been more critical.