{"id":51823,"date":"2023-05-09T14:30:00","date_gmt":"2023-05-09T14:30:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/sidewinder-strikes-victims-pakistan-turkey-multiphase-polymorphic-attack"},"modified":"2023-05-09T14:30:00","modified_gmt":"2023-05-09T14:30:00","slug":"sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/","title":{"rendered":"SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt182cafeb323ddee6\/62f15dbadcd0ec0ee12fabe3\/snake-Gerry-Pearce-Alamy.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>India&#8217;s <a href=\"https:\/\/www.darkreading.com\/endpoint\/1000-attacks-sidewinder-apt-sheds-skin\" target=\"_blank\" rel=\"noopener\">prolific SideWinder<\/a> advanced persistent threat group (APT) is targeting Pakistani government officials and individuals in Turkey,&nbsp;using polymorphism techniques that allow it to bypass traditional signature-based antivirus (AV) detection to deliver a next-stage payload.<\/p>\n<p>The attacks use&nbsp;documents with content geared toward their interests, which when opened&nbsp;exploit a remote template injection flaw to deliver malicious payloads, the researchers at the&nbsp;<a href=\"https:\/\/blogs.blackberry.com\/en\/2023\/05\/sidewinder-uses-server-side-polymorphism-to-target-pakistan\" target=\"_blank\" rel=\"noopener\">BlackBerry Threat Research and Intelligence team<\/a> revealed in a blog post&nbsp;on May 8.<\/p>\n<p>The first phase of the campaign \u2014 discovered in November <span>\u2014 <\/span>uses a server-side polymorphic attack against targets in Pakistan, while a later phase discovered earlier this year uses phishing tactics to 
deliver malicious lure documents to victims, the researchers said. &nbsp;<\/p>\n<p>However, instead of using malicious macros within documents to drop malware \u2014 which is often the case when documents are used as lures \u2014 the APT exploits the <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2017-0199\" target=\"_blank\" rel=\"noopener\">CVE-2017-0199<\/a> vulnerability to deliver the payloads instead, the researchers said.<\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/application-security\/malicious-google-play-apps-linked-to-sidewinder-apt\" target=\"_blank\" rel=\"noopener\">SideWinder,<\/a> active since 2012, was <a href=\"https:\/\/www.kaspersky.com\/about\/press-releases\/2018_asia-and-middle-east-a-hotbed-of-new-threat-actors-in-q1-2018\" target=\"_blank\" rel=\"noopener\">detected by Kaspersky<\/a> in the first quarter of 2018 and thought to primarily target Pakistani military infrastructure. However, as <a href=\"https:\/\/www.darkreading.com\/endpoint\/sidewinder-apt-linked-phishing-attacks-latest-rampage\" target=\"_self\" rel=\"noopener\">recent research<\/a> and the latest attack demonstrate, the target range of the group \u2014 widely believed to be <a href=\"https:\/\/www.anomali.com\/blog\/analyzing-digital-quartermasters-in-asia-do-chinese-and-indian-apts-have-a-shared-supply-chain\" target=\"_blank\" rel=\"noopener\">associated with Indian espionage<\/a> interests \u2014 appears to be far broader than that.<\/p>\n<h2 class=\"regular-text\">How Polymorphism Tricks Defenders<\/h2>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/2633048\/stopping-malware-that-mutates-on-demand.html\" target=\"_blank\" rel=\"noopener\">Server-side polymorphism<\/a> is a technique used since the 1990s by attackers to evade detection by AV tools. 
It does so by using malicious code that alters its appearance through encryption and obfuscation, making sure that no two samples look the same and thus can&#8217;t easily be analyzed, the researchers explained.<\/p>\n<p>The attack can fool defenders because it serves the victim with a new sample each time a link is clicked, Dmitry Bestuzhev, senior director of cyber-threat intelligence at BlackBerry, tells Dark Reading. In this case, each new download has a new hash, which &#8220;effectively breaks hash-based detections used by security operations centers (SOCs) and some endpoint scanners,&#8221; he says.<\/p>\n<p>&#8220;Since there\u2019s a new hash each time, there is no information on a given sample on public multi scanners like VirusTotal unless each new sample is uploaded over and over for further analysis,&#8221; Bestuzhev says. &#8220;So it makes life harder for the victims because of the lack of information on public sandboxes and other-like security services.&#8221;<\/p>\n<h2 class=\"regular-text\">The Latest Campaign<\/h2>\n<p>BlackBerry researchers examined various documents in the campaign, which were found on an attacker-controlled server used to deliver the documents to users. 
The first that researchers encountered was titled \u201cGUIDELINES FOR BEACON JOURNAL \u2013 2023 PAKISTAN NAVY WAR COLLEGE (PNWC),&#8221; while another discovered in early December pretended to be a letter of offer and acceptance &#8220;for the purchase of defense articles, defense services, or both.&#8221;<\/p>\n<p>In both cases, targets were instructed to reach out to remote addresses controlled by SideWinder that would download the next-stage payload, \u201cfile.rtf,&#8221; a rich text document file that demonstrates the polymorphic nature of the attack and can only be downloaded by users in the Pakistani IP range, the researchers said.<\/p>\n<p>&#8220;The name of the file &#8216;file.rtf&#8217; and the file type are the same; however, the contents, file size and the file hash are different,&#8221; they noted. &#8220;This is an example of server-based polymorphism, where each time the server responds with a different version of file, so bypassing the victim&#8217;s antivirus scanner (presuming the antivirus uses signature-based detection).&#8221;<\/p>\n<p>If the user is not in the Pakistani IP range, the server returns an 8-byte RTF file that contains a single string; however, if the user is within the Pakistani IP range, the server then returns the RTF payload, which ranges from 406KB to 414KB in size, the researchers said.<\/p>\n<h2 class=\"regular-text\">To Turkey &amp; Beyond: An Expanding Cyber Threat<\/h2>\n<p>In early March, the researchers discovered a new malicious document linked to the earlier attack that was propagated via phishing emails, indicating that the scope of the attack had spread to victims in Turkey \u2014 a new target region for SideWinder, researchers said. 
In mid-March, the researchers discovered a newly configured server delivering the payload that was set up so that a victim in Turkey could receive a second-stage payload, they said.<\/p>\n<p>SideWinder&#8217;s primary targets have always been the Southeast Asia regions such as Pakistan and Sri Lanka, with a particular focus on Pakistani government institutions. However,&nbsp;targeting victims in Turkey makes sense from a geopolitical perspective, the researchers observed, because of the Turkish government&#8217;s support of Pakistan, which has sparked criticism from India.<\/p>\n<p>While polymorphic attacks overall can be difficult to defend against, detection and prevention strategies based on behavior and hashes can be effectively used against them, Bestuzhev says.<\/p>\n<p>&#8220;When prevention technologies are based on code similarities and heuristics or machine learning models, even if there is a new hash, it should not break the detection of the malicious sample,&#8221; he notes.<\/p>\n<p>The key for organizations to mitigate these attacks, <span>Bestuzhev adds<\/span>, &#8220;is not to focus on volatile indicators of compromise but on meaningful tactics, techniques, and procedures (TTPs) and behaviors in the system or code blocks covered by machine learning technologies.&#8221;<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/sidewinder-strikes-victims-pakistan-turkey-multiphase-polymorphic-attack\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The APT is exploiting a remote template injection flaw to deliver malicious documents that lure in government officials and other targets with topics of potential interest. Read More <a 
href=\"https:\/\/www.darkreading.com\/attacks-breaches\/sidewinder-strikes-victims-pakistan-turkey-multiphase-polymorphic-attack\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-51823","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],
"yoast_head_json":{"title":"SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/","og_locale":"en_US","og_type":"article","og_title":"SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-05-09T14:30:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt182cafeb323ddee6\/62f15dbadcd0ec0ee12fabe3\/snake-Gerry-Pearce-Alamy.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack","datePublished":"2023-05-09T14:30:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/"},"wordCount":856,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt182cafeb323ddee6\/62f15dbadcd0ec0ee12fabe3\/snake-Gerry-Pearce-Alamy.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/","url":"https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/","name":"SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic Attack 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt182cafeb323ddee6\/62f15dbadcd0ec0ee12fabe3\/snake-Gerry-Pearce-Alamy.jpg","datePublished":"2023-05-09T14:30:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt182cafeb323ddee6\/62f15dbadcd0ec0ee12fabe3\/snake-Gerry-Pearce-Alamy.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt182cafeb323ddee6\/62f15dbadcd0ec0ee12fabe3\/snake-Gerry-Pearce-Alamy.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/sidewinder-strikes-victims-in-pakistan-turkey-in-multiphase-polymorphic-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"SideWinder Strikes Victims in Pakistan, Turkey in Multiphase Polymorphic 
Attack"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671
ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51823","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=51823"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/51823\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=51823"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=51823"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=51823"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}