The SideWinder APT group has upgraded its toolset and is expanding its targeting beyond its traditional military and governmental victims. Its operations now extend geographically across South Asia, Southeast Asia, the Middle East, and Africa, with increased attacks against logistics companies, maritime infrastructure, and organisations connected to nuclear energy. The group often modifies its malware within five hours of a sample being detected, which limits the useful life of hash-based indicators. The attack chain begins when a target opens a malicious DOCX file attached to a spear-phishing email.

Botnet campaign hits unpatched TP-Link Archer AX-21 routers
The “Ballista” botnet campaign is exploiting a high-severity security flaw to infect unpatched TP-Link routers. Detected by Cato CTRL researchers in January 2025, it has