SOURCE: AFI
A cyber espionage group with alleged ties to India has significantly broadened its target scope, shifting focus from regional adversaries to critical maritime infrastructure worldwide. Known by various monikers including SideWinder, Razor Tiger, and Rattlesnake, the group has historically been linked to cyberattacks on Pakistan, Afghanistan, China, and Nepal.
Recent investigations by BlackBerry cybersecurity researchers have uncovered a new campaign targeting maritime facilities in countries as far afield as Egypt, indicating a dramatic expansion of the group’s ambitions. The tactics remain consistent with previous operations, with spear-phishing attacks centered around fabricated official documents. However, the content of these documents has evolved to focus on maritime-related topics, such as employment terminations and salary reductions within specific port authorities, including the Port of Alexandria.
Ismael Valenzuela, vice president of threat research and intelligence at BlackBerry, emphasized the unprecedented nature of this campaign: “It’s the first time we have seen SideWinder targeting ports and maritime facilities in EMEA.” He linked the group’s expansion to global geopolitical tensions and the growing recognition of critical infrastructure as a prime target for cyberattacks.
The maritime industry has emerged as a high-value target for cybercriminals and state-sponsored actors alike. Incidents of cyberattacks on shipping companies have increased, with the potential for catastrophic consequences. The US Coast Guard has previously warned of the dangers posed by such attacks, and countries in the Asia-Pacific region have formed alliances to bolster their defenses against cyber threats.
The convergence of cyber and physical threats to the maritime industry is a growing concern. Alongside the rise in cyberattacks, traditional maritime risks such as piracy and ship accidents have also increased, creating a complex and dangerous operating environment.