ThreatCluster

SideWinder Targets South Asian Governments with Phishing Campaign

First seen 21 Apr 2026, 08:14 UTC GbhackersCybersecuritynews 91% similarity 73

Article Content

Browse articles
ThreatCluster

The advanced persistent threat group SideWinder has initiated a targeted phishing campaign aimed at South Asian government organizations, specifically targeting institutions like the Bangladesh Navy and Pakistan’s Ministry of Foreign Affairs. This campaign, which has been active since at least February 2026, employs a fake Chrome PDF viewer and a pixel-perfect clone of the Zimbra email login portal to harvest employee credentials. The attack was revealed after a Cloudflare Workers URL was identified as part of the credential-harvesting operation. The precise number of compromised accounts is currently unknown, but the scope of the attack raises significant concerns regarding the security of sensitive government communications. The phishing method is particularly sophisticated, mimicking legitimate platforms to deceive users. As of now, the campaign remains ongoing, with no reports of mitigation or remediation efforts detailed in the articles.

Key Points: • SideWinder is targeting South Asian governments, including military and foreign affairs departments. • The phishing campaign uses a fake Chrome PDF viewer and a clone of the Zimbra login portal. • The attack has been active since at least February 2026 and remains ongoing.

ThreatCluster AI

Timeline

2026-02-01
SideWinder phishing campaign begins targeting South Asian governments.
2026-04-21
Cybersecurity articles published detailing the ongoing campaign.
Recent
Cloudflare Workers URL identified as part of the credential harvesting.

Community

Browse all →