Private Indian hackers launched over a thousand cyberattacks on Pak military

SideWinder, also known as Rattlesnake, has hijacked, stolen or modified content on targeted computer systems belonging to Pakistani government, military and business organisations. Until now, only Pakistan- and China-based entities had engaged in cyber espionage and the disruption of Indian critical assets.


New Delhi: Critical Pakistani government agencies, some of them affiliated with the military, have been facing persistent cyberattacks from a group that domestic and international experts say is based in India.
The group, which observers and experts have named "SideWinder", also known as Rattlesnake, has launched more than 1,000 attacks since April 2020 on government, military and business cyber assets in Pakistan, and has managed to hijack, steal or modify content on the targeted systems.
Earlier, such India-based "nationalist" cyber groups would, at most, deface websites, while comparable Pakistan- and China-based entities engaged in cyber espionage and the disruption of critical assets of organisations based in India. According to a report by Zscaler, a cybersecurity company headquartered in California with four offices in India, the people behind SideWinder have, in one of their recent attacks, planted a new malware called "WarHawk", which, according to the researchers, gives the attackers complete control of the victim's system.
"Once the victim is infected by the malware 'WarHawk', the malware starts sending system information to the attackers, and downloads and executes other malware on the infected system. It also gives remote access to the system by executing commands on it, and starts sending across information like file name, file size, date, etc. One interesting thing that we found is that the malware runs only if the system is on Pakistan Standard Time," said Niraj Shivtarkar, a researcher with ThreatLabz, the research team of Zscaler.
According to Shivtarkar, the researchers had come across different versions of the same malware, which indicates that the people behind the group are updating it with more advanced functionality. The researchers have not been able to identify the exact targets…
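The time-zone condition the researcher describes is a form of environment keying: the sample inspects a host property and stays dormant unless it matches, which both narrows it to Pakistani victims and keeps it from detonating in an analysis sandbox that runs on UTC or US time. The following is an added example written for this page, not code from Zscaler, the article or the malware itself. It shows such a gate and how an analyst defeats it by forcing the clock. It assumes the check keys on the local UTC offset (Pakistan Standard Time is UTC+05:00 year-round); the article does not say how WarHawk actually performs the check, and the beacon data is a constructed placeholder.

```python
import os
import platform
import time
from datetime import datetime, timedelta

# Pakistan Standard Time is UTC+05:00 and does not observe DST.
PKT_OFFSET = timedelta(hours=5)


def utc_offset(hours, minutes=0):
    """Build a UTC offset as a timedelta; used for the worked checks below."""
    return timedelta(hours=hours, minutes=minutes)


def local_utc_offset():
    """Current UTC offset of the host's local clock (honours TZ after time.tzset())."""
    return datetime.now().astimezone().utcoffset()


def on_pakistan_standard_time(offset):
    """True when the clock offset equals PKT. Note this is a coarse geographic
    filter: any other UTC+5 zone (e.g. Asia/Yekaterinburg, Indian/Maldives)
    passes as well, so the gate is far weaker than a real location check."""
    return offset == PKT_OFFSET


def gated_run(payload, offset=None):
    """Execute payload() only on a PKT host; otherwise return None without
    doing anything, which is what makes the sample look inert in a UTC sandbox."""
    if offset is None:
        offset = local_utc_offset()
    if not on_pakistan_standard_time(offset):
        return None
    return payload()


def force_pkt_clock():
    """Analyst side: coerce the gate open on Linux/macOS by pointing TZ at a
    UTC+5 zone. 'PKT-5' is a POSIX TZ string (the sign is inverted: -5 means
    five hours EAST of UTC) and needs no tz database. time.tzset() is
    POSIX-only; on Windows change the system time zone in the OS instead.
    Returns the resulting local offset so the caller can confirm it took."""
    os.environ["TZ"] = "PKT-5"
    time.tzset()
    return local_utc_offset()


def fake_beacon():
    """Stand-in for the initial 'system information' the researcher says the
    malware sends. Constructed placeholder: it only builds a dict, nothing is
    transmitted anywhere."""
    return {"hostname": platform.node(), "tz_offset": str(local_utc_offset())}


if __name__ == "__main__":
    # On a sandbox running UTC the first line prints None: the gate never opens.
    print("host clock offset:", local_utc_offset(), "->", gated_run(fake_beacon))
    # After forcing a UTC+5 clock the same sample "detonates".
    print("after forcing TZ: ", force_pkt_clock(), "->", gated_run(fake_beacon))
```

Because the check is purely on the clock offset, a detonation sandbox does not need to be anywhere near Pakistan; setting the guest's time zone to any UTC+5 zone before running the sample is enough to observe the post-infection behaviour (system-information upload, follow-on downloads, command execution) that the researcher describes.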
