
SideWinder Targets South Asian Governments with Phishing Campaign

Severity: High (Score: 72.5)

Sources: Gbhackers, Cybersecuritynews

Summary

The advanced persistent threat group SideWinder has initiated a targeted phishing campaign aimed at South Asian government organizations, specifically targeting institutions like the Bangladesh Navy and Pakistan’s Ministry of Foreign Affairs. This campaign, which has been active since at least February 2026, employs a fake Chrome PDF viewer and a pixel-perfect clone of the Zimbra email login portal to harvest employee credentials. The attack was revealed after a Cloudflare Workers URL was identified as part of the credential-harvesting operation. The precise number of compromised accounts is currently unknown, but the scope of the attack raises significant concerns regarding the security of sensitive government communications. The phishing method is particularly sophisticated, mimicking legitimate platforms to deceive users. As of now, the campaign remains ongoing, with no reports of mitigation or remediation efforts detailed in the articles.

Key Points

  • SideWinder is targeting South Asian governments, including military and foreign affairs departments.
  • The phishing campaign uses a fake Chrome PDF viewer and a clone of the Zimbra login portal.
  • The attack has been active since at least February 2026 and remains ongoing.

Key Entities

  • SideWinder (apt_group)
  • Phishing (attack_type)
  • Bangladesh Navy (company)
  • Bangladesh (country)
  • Pakistan (country)
  • Government (industry)
  • T1566.002 - Spearphishing Link (mitre_attack)
  • Chrome PDF Viewer (platform)
  • Cloudflare Workers (platform)
  • Zimbra (platform)