Daily Mirror - Print Edition

‘Most aggressive’ APAC cyber threat group has Sri Lanka in its sights – Kaspersky

08 Aug 2025

By Nishel Fernando in Da Nang, Vietnam


Sri Lanka has been identified as a key target for SideWinder, dubbed “the most aggressive threat in APAC” by global cybersecurity giant Kaspersky.

The advanced persistent threat (APT) group, known for its relentless cyber espionage campaigns, has added the island nation to its growing list of targets across the Asia-Pacific region, according to findings presented at Kaspersky’s Cyber Security Weekend in Da Nang, Vietnam.

Unmasking the operations of top-tier APT actors, Noushin Shabab, Lead Security Researcher at Kaspersky’s Global Research and Analysis Team (GReAT), highlighted how SideWinder and other threat groups are persistently targeting state secrets, military intelligence, and critical infrastructure in the region.

SideWinder’s operations have consistently focused on government, military, and diplomatic entities, with a persistent interest in the maritime and logistics sectors. The group’s geographic reach includes Bangladesh, Cambodia, Vietnam, China, India, the Maldives, Nepal, Myanmar, Indonesia, and the Philippines. 

More recently, the group has also directed attention towards nuclear power plants and energy facilities across South Asia.

Employing sophisticated spear-phishing campaigns, SideWinder typically disguises malicious emails as official communications related to regulations or facility operations. When opened, these emails trigger a malware chain, granting the attackers potential access to sensitive operational data and personnel information.

While specific earlier attacks on Sri Lanka by SideWinder were not detailed in the presentation, the group’s sustained and aggressive posture in the region raises significant concerns for the nation’s cybersecurity.

“These campaigns are not just about data theft, they’re about gaining a decisive geopolitical edge,” Shabab stated. She emphasised the critical need for organisations—particularly those in sensitive sectors—to bolster their cybersecurity posture and invest in threat intelligence to counter these evolving threats.

Kaspersky is currently monitoring over 900 APT groups and operations worldwide, with a significant number targeting the APAC region. In 2024 alone, the cybersecurity firm thwarted 8 million ransomware attacks and detected over 200,000 new banking malware samples. Additionally, over 62 million attacks from various online sources were prevented in the region.