WarHawk: the New Backdoor in the Arsenal of the SideWinder APT Group
released on 2022-10-25 @ 04:32:26 PM
Researchers from ThreatLabz at Zscaler have discovered new malware used by the SideWinder APT threat group in campaigns targeting Pakistan. The malware is a backdoor that has been named “WarHawk”. The WarHawk backdoor contains various malicious modules that deliver Cobalt Strike, and it incorporates new TTPs, such as KernelCallBackTable injection and a Pakistan Standard Time zone check, in order to ensure a successful campaign.