Sidewinder goes nuclear, charts course for maritime mayhem in tactics shift

Researchers say the Sidewinder offensive cyber crew is starting to target maritime and nuclear organizations. Kaspersky described Sidewinder as a "highly prolific" advanced persistent threat (APT) group whose previous prey were mostly government and military institutions in China, Pakistan, Sri Lanka, and parts of Africa. Its …

  1. John Smith 19 Gold badge
    Unhappy

    If these exploits are so *old*

    How come they still work?

    They say it's rude to blame the victims.

    But how many f**king times do you have to tell people not to do things?

    How many times "Keep your s**t up to date" ?

    Before it kind of is your fault if you've gotten pawned by something that's years old.

    And if you fell victim to the same exploit again?

    1. Anonymous Coward

      Re: If these exploits are so *old*

      I was curious on this as well so I did a bit of looking. It's an old MS Office bug in 2016/2013/2010 that has since been fixed and a patch issued.

      The countries we are talking about here more than likely have a lot of companies that don't have MS licences and more than likely grab an ISO of whatever version of Office people know and stick that on. They may not even give it a second thought until they get caught out. It could be staff sticking their own ISO of office on their machine. The IT departments might be more concerned with keeping the virus software and firewall up to date hoping that will save them.

      That's my thoughts on it. We aren't all in polished, well-documented, anal-retentive-on-updates-for-every-piece-of-software IT departments. It kind of makes my head spin (it doesn't, but it could) when you think about every component of a well-functioning IT team and all the various moving parts that have to move together for it all to work.

      1. Paul Crawford Silver badge

        Re: If these exploits are so *old*

        See my comment of the day:

        https://forums.theregister.com/forum/all/2023/09/05/qualys_top_20_vulnerabilities/#c_4722844

        Basically MS did not fix the bug, but removed the useful feature to allow editing of older documents. You can see why folks who have older documents in need of occasional editing would not apply the shitification patch by MS...

        1. Anonymous Coward

          Re: If these exploits are so *old*

          So they didn't actually fix it. They just patched it out of existence causing issues for customers. Classic.

    2. MachDiamond Silver badge

      Re: If these exploits are so *old*

      "How many times "Keep your s**t up to date" ?"

      How many times do they need to be told to keep certain s**t off-line completely?

  2. John Smith 19 Gold badge
    FAIL

    "It's an old MS Office bug in 2016/2013/2010 "

    So just to be completely clear it's at least 9 years old.

    It allows access to old documents that should a) be saved in a newer file format (because it's always MS f**king about with the file format that causes this); b) these are businesses or regulatory orgs in the nuclear industry; c) WTF are these orgs doing accepting such old formats in the first place?

    An email with an attachment that can carry executable code in it in a format at least 9 years old and these are not red flags for anyone above PFY skills?

    TL;DR "But it's never been a problem before now." Well dumbasses, now it is a problem.
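The "red flag" the comment above describes, legacy binary Office formats arriving as mail attachments, is something a mail gateway can check by content rather than by file name. The following is an added example written for this thread, not code from the article, from Kaspersky, or from any commenter. It assumes the attachment bytes have already been pulled out of the message and that the site policy is the hypothetical one the comment sketches: modern OOXML documents are accepted, legacy OLE2 and RTF documents are flagged for review, and a file whose extension disagrees with its content is flagged too. The sample attachments are constructed byte strings, not real files.

```python
"""Flag legacy Office attachment formats by their magic bytes.

Added illustration for the thread above; not from the article or the
commenters. Policy assumed: OOXML accepted, OLE2/RTF flagged, mismatches
flagged. Sample inputs below are constructed.
"""
from dataclasses import dataclass

# Well-known leading bytes of the three container types we care about.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt compound file
RTF_MAGIC = b"{\\rtf"                           # Rich Text Format header
ZIP_MAGIC = b"PK\x03\x04"                       # OOXML (.docx/.xlsx/.pptx) is a zip

LEGACY_EXTENSIONS = {".doc", ".xls", ".ppt", ".rtf", ".dot", ".xlt", ".pot"}
MODERN_EXTENSIONS = {".docx", ".xlsx", ".pptx"}


@dataclass
class Verdict:
    filename: str
    detected: str   # "legacy-ole2", "rtf", "ooxml" or "unknown"
    flagged: bool
    reason: str


def detect_format(data: bytes) -> str:
    """Classify by content only; the file name is never trusted here."""
    if data.startswith(OLE2_MAGIC):
        return "legacy-ole2"
    if data.startswith(RTF_MAGIC):
        return "rtf"
    if data.startswith(ZIP_MAGIC):
        return "ooxml"
    return "unknown"


def assess_attachment(filename: str, data: bytes) -> Verdict:
    """Apply the assumed policy to one attachment and explain the decision."""
    fmt = detect_format(data)
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if fmt in ("legacy-ole2", "rtf"):
        return Verdict(filename, fmt, True,
                       "legacy Office format; policy requires a modern format")
    if fmt == "ooxml" and ext in LEGACY_EXTENSIONS:
        return Verdict(filename, fmt, True,
                       "extension claims legacy format but content is OOXML")
    if fmt == "unknown" and ext in LEGACY_EXTENSIONS | MODERN_EXTENSIONS:
        return Verdict(filename, fmt, True,
                       "Office extension but content is not a recognised container")
    return Verdict(filename, fmt, False, "accepted")


# Constructed sample attachments: only the leading bytes matter for the check.
SAMPLES = {
    "budget_2014.doc": OLE2_MAGIC + b"\x00" * 24,
    "invoice.rtf": b"{\\rtf1\\ansi constructed sample}",
    "memo.docx": ZIP_MAGIC + b"\x14\x00[Content_Types].xml",
    "notes.txt": b"plain text, not an Office document",
}


def triage(samples=SAMPLES) -> dict:
    """Run the policy over a batch and return one Verdict per attachment."""
    return {name: assess_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for v in triage().values():
        print(f"{v.filename:18} {v.detected:12} {'FLAG' if v.flagged else 'ok  '} {v.reason}")
```

Running the script triages the four constructed samples and flags the two legacy-format ones. The point of checking the magic bytes rather than the extension is that renaming a `.doc` to `.docx` does not change what the receiving application will parse.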

  3. amanfromMars 1 Silver badge

    In Brave New More Orderly NEUKlearer World Orders .... are there No Safe Hiding Space Places

    The group's main tactics –– don't immediately bear the hallmarks of a sophisticated bunch of attackers .... but those behind the attacks are highly skilled .... and has already demonstrated its ability to compromise critical assets and high-profile entities, including those in the military and government.

    Thus proving beyond any shadow of doubt presumed security for critical assets and high-profile entities, including those in the military and government is a zero sum game with any guarantee of protection against compromise a criminal fraud as it is impossible to provide ‽ .

    For any highly advanced and dangerous adversary that most certainly is a constant worry and highly prolific advanced persistent threat (APT) with no effective treatment able to be honestly offered to unsophisticated products exploited and hosted by vulnerable to attack entities.

  4. ecofeco Silver badge
    Facepalm

    It never ends

    Another day ending in Y? Another hack and nothing is learned.
