The News And Times Review - NewsAndTimes.org | Links | Blog | Tweets  | Selected Articles 

Categories
Full Text Articles - Audio Posts

SideWinder APT targets maritime and nuclear sectors with enhanced toolset


The APT group SideWinder targets maritime and logistics companies across South and Southeast Asia, the Middle East, and Africa.

Kaspersky researchers warn that the APT group SideWinder (also known as Razor Tiger, Rattlesnake, and T-APT-04) is targeting maritime, logistics, nuclear, telecom, and IT sectors across South Asia, Southeast Asia, the Middle East, and Africa.

SideWinder has been active since at least 2012. Historically the group mainly targeted police, military, maritime, and naval forces in Central Asian countries. In its 2022 attacks, the threat actors also targeted departments of foreign affairs, scientific and defence organisations, aviation, the IT industry, and legal firms.

The threat actor maintains a large C2 infrastructure of more than 400 domains and subdomains, used both to host malicious payloads and to control infected hosts.

Kaspersky observed SideWinder expanding its attacks in 2024, with growing activity in Egypt, Asia, and Africa.

Some of the attacks observed by the Russian cybersecurity firm show a focus on nuclear power plants and nuclear energy in South Asia and further expansion of activities into new African countries.


SideWinder rapidly adapts to security detections, modifying its malware within hours and altering its tactics, techniques, and procedures. The group has been observed renaming its files and changing their paths to keep persistence and evade detection.

“Once their tools are identified, they respond by generating a new and modified version of the malware, often in under five hours. If behavioral detections occur, SideWinder tries to change the techniques used to maintain persistence and load components. Additionally, they change the names and paths of their malicious files.” reads the report published by Kaspersky. “Thus, monitoring and detection of the group’s activities reminds us of a ping-pong game.”

The infection pattern observed in the second half of 2024 is consistent with the one Kaspersky described in its previous report on the group.

The infection flow matches past attacks: the threat actors send spear-phishing emails with a DOCX attachment. The document loads an RTF template stored on a remote server controlled by the attacker (remote template injection), so the attachment itself carries no exploit code and the malicious RTF is fetched only when the document is opened. The RTF file exploits CVE-2017-11882, a memory corruption flaw in Microsoft Office's Equation Editor, to run shellcode and start a multi-stage infection. The final stage of the chain is a malware dubbed "Backdoor Loader", which loads a custom post-exploitation toolkit named "StealerBot".
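The two document-stage tricks described above (a DOCX that pulls a remote template, and an RTF that embeds an Equation Editor object) can both be triaged statically. The following is an added example written for this page, not Kaspersky's tooling or any SideWinder artefact: it builds constructed sample files in memory, scans the DOCX relationship parts for an attachedTemplate that points at a remote host, and looks for Equation Editor markers in an RTF. The hostname, file names and the truncated objdata blob are placeholders, not indicators from the report.

```python
import io
import re
import zipfile

# --- Constructed sample inputs (placeholders, not SideWinder indicators) ---
# Minimal DOCX whose word/_rels/settings.xml.rels attaches a template on a remote host.
REMOTE_TEMPLATE_RELS = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
    '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/'
    '2006/relationships/attachedTemplate" '
    'Target="http://templates.example.invalid/brief.dotm" TargetMode="External"/>'
    '</Relationships>'
)
# Benign variant: Word records local templates with a file:// target, also "External".
LOCAL_TEMPLATE_RELS = REMOTE_TEMPLATE_RELS.replace(
    "http://templates.example.invalid/brief.dotm",
    "file:///C:/Users/user/AppData/Roaming/Microsoft/Templates/Normal.dotm",
)
# RTF stub of the shape used to reach the Equation Editor OLE object. Real exploit
# documents carry a large \objdata blob; this one holds only the OLE1 class-name header.
RTF_EQUATION_OBJECT = (
    r"{\rtf1{\object\objemb\objupdate{\*\objclass Equation.3}"
    r"{\*\objdata 01050000020000000b0000004571756174696f6e2e33000000}}}"
)
RTF_BENIGN = r"{\rtf1\ansi Quarterly shipping schedule.\par}"


def build_docx(rels_xml):
    """Assemble a minimal OOXML zip; rels_xml=None omits the settings rels part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/settings.xml", "<w:settings/>")
        if rels_xml is not None:
            z.writestr("word/_rels/settings.xml.rels", rels_xml)
    return buf.getvalue()


REL_RE = re.compile(r"<Relationship\b[^>]*>", re.I)
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')
REMOTE_PREFIXES = ("http://", "https://", "ftp://", "\\\\", "//")


def is_remote_target(target):
    # Word marks local templates TargetMode="External" too, so decide on the scheme.
    return target.strip().lower().startswith(REMOTE_PREFIXES)


def find_remote_templates(docx_bytes):
    """Return (part name, target) for every attachedTemplate that points off-host."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue  # scan every rels part, not just settings.xml.rels
            xml = z.read(name).decode("utf-8", errors="replace")
            for m in REL_RE.finditer(xml):
                attrs = dict(ATTR_RE.findall(m.group(0)))
                if attrs.get("Type", "").endswith("/attachedTemplate") and is_remote_target(
                    attrs.get("Target", "")
                ):
                    hits.append((name, attrs["Target"]))
    return hits


def rtf_equation_editor_indicators(rtf_bytes):
    """Return the Equation Editor related markers found in an RTF byte string."""
    text = rtf_bytes.decode("latin-1").lower()
    found = []
    if re.search(r"\\objclass\s*equation\.3", text):
        found.append("objclass Equation.3")
    if "\\objupdate" in text:
        found.append("objupdate")  # asks Word to activate the object without a click
    for hexrun in re.findall(r"\\objdata\s*([0-9a-f\s]+)", text):
        h = re.sub(r"\s", "", hexrun)
        raw = bytes.fromhex(h[: len(h) - len(h) % 2])  # objdata is hex encoded
        if b"equation.3" in raw.lower():
            found.append("objdata class name Equation.3")
    return found


if __name__ == "__main__":
    print(find_remote_templates(build_docx(REMOTE_TEMPLATE_RELS)))
    print(rtf_equation_editor_indicators(RTF_EQUATION_OBJECT.encode()))
```

The DOCX check keys on the URL scheme rather than on TargetMode, because Word writes TargetMode="External" for local templates as well; the RTF check decodes the hex objdata so that the class name is caught even when the plain \objclass keyword has been stripped.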

“During the investigation, we found a new C++ version of the “Backdoor Loader” component. The malware logic is the same as that used in the .NET variants, but the C++ version differs from the .NET implants in that it lacks anti-analysis techniques. Furthermore, most of the samples were tailored to specific targets, as they were configured to load the second stage from a specific file path embedded in the code, which also included the user’s name.” continues the report. “It indicates that these variants were likely used after the infection phase and manually deployed by the attacker within the already compromised infrastructure, after validating the victim.”

Most detected bait documents focused on government and diplomatic matters, though some covered generic topics like car rentals, real estate, and freelance job offers.

“SideWinder is a very active and persistent actor that is constantly evolving and improving its toolkits. Its basic infection method is the use of an old Microsoft Office vulnerability, CVE-2017-11882, which once again emphasizes the critical importance of installing security patches.” concludes the report. “Despite the use of an old exploit, we should not underestimate this threat actor. In fact, SideWinder has already demonstrated its ability to compromise critical assets and high-profile entities, including those in the military and government.”

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)



U.S. CISA adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog


U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:

  • CVE-2025-25181 Advantive VeraCore SQL Injection Vulnerability
  • CVE-2024-57968 Advantive VeraCore Unrestricted File Upload Vulnerability
  • CVE-2024-13159 Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
  • CVE-2024-13160 Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
  • CVE-2024-13161 Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability

The exploitation of the VeraCore vulnerabilities has been attributed to a Vietnamese cybercrime group tracked as XE Group, which has been observed dropping reverse shells and web shells to maintain persistent remote access to compromised systems.

No security firm has publicly reported the exploitation of Ivanti EPM flaws in real-world attacks. However, experts are aware of the availability of PoC exploit code for these issues.
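The three Ivanti EPM entries are classified as absolute path traversal, a bug class distinct from the familiar "../" traversal: the application prepends a base directory to a caller-supplied path, but the path API discards the base as soon as the input is itself absolute. The following is an added illustration of that class in general, written for this page; it does not describe the Ivanti code or the specific CVEs, and the upload root is a hypothetical path.

```python
import os
import re

UPLOAD_ROOT = "/srv/app/uploads"  # hypothetical document root (assumption)


def naive_join(base, user_path):
    """The vulnerable pattern: os.path.join drops every earlier component once it
    meets an absolute one, so a filter that only blocks ".." is bypassed outright."""
    return os.path.join(base, user_path)


# Windows-style absolute forms that os.path.isabs() does not recognise on POSIX.
_WINDOWS_ABS = re.compile(r"^(?:[A-Za-z]:|\\\\|//)")


def resolve_in_root(base, user_path):
    """Return the resolved on-disk path if it stays inside base, else None."""
    if not user_path or "\x00" in user_path:
        return None
    # Reject absolute inputs in either path style before any joining happens.
    if os.path.isabs(user_path) or _WINDOWS_ABS.match(user_path) or user_path.startswith(("/", "\\")):
        return None
    base_real = os.path.realpath(base)
    # Normalise backslashes so "..\\" cannot hide from os.path on a POSIX host.
    candidate = os.path.realpath(os.path.join(base_real, user_path.replace("\\", "/")))
    # Containment check after symlink resolution, not a string prefix test.
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


if __name__ == "__main__":
    print(naive_join(UPLOAD_ROOT, "/etc/passwd"))          # escapes the root
    print(resolve_in_root(UPLOAD_ROOT, "/etc/passwd"))     # None
    print(resolve_in_root(UPLOAD_ROOT, "reports/q1.pdf"))  # stays inside
```

The same join semantics exist in other runtimes (for example .NET's Path.Combine), which is why the fix is to reject absolute input and verify containment of the fully resolved path rather than to pattern-match on "..".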

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix these vulnerabilities by March 31, 2025.

A few days ago, CISA added Linux kernel flaws and VMware ESXi and Workstation flaws to the Known Exploited Vulnerabilities catalog.

Pierluigi Paganini



Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies


Cross-border data transfers enable global business but face challenges from varying cybersecurity laws, increasing risks of cyberattacks and data breaches.

The digital revolution has enabled organizations to operate seamlessly across national boundaries, relying on cross-border data transfers to support e-commerce, cloud computing, artificial intelligence, and financial transactions. However, as data moves across multiple jurisdictions, it becomes subject to varying national cybersecurity policies and data protection laws. This divergence presents a significant challenge for global businesses, which must navigate complex regulatory environments while safeguarding sensitive data from cyber threats.

Cybersecurity in cross-border data transfers is particularly crucial given the rise in cyberattacks, corporate espionage, and data breaches targeting multinational corporations. Attackers exploit weak links in international data exchange systems to compromise critical infrastructure and access sensitive information. Governments have responded by introducing stringent regulatory measures such as the European Union's GDPR, China's Cybersecurity Law, and the United States' CLOUD Act, each with unique requirements that affect how organizations handle and transfer data internationally.

Cybersecurity Challenges in Cross-Border Data Transfers

Cross-border data transfers introduce cybersecurity challenges that organizations must address to ensure sensitive information’s integrity, confidentiality, and availability. The increasing reliance on cloud computing, remote work, and digital transactions has amplified the risks associated with data transmission across different jurisdictions. These challenges stem from several factors, including cyber threats, legal and regulatory inconsistencies, and geopolitical considerations. Understanding these risks is crucial for businesses, policymakers, and cybersecurity professionals to develop robust security and compliance strategies.

Rising Threat of Cyber Attacks on Cross-Border Data Transfers

Cyberattacks targeting cross-border data transfers have become more sophisticated and frequent, often exploiting vulnerabilities in data transmission networks and cloud-based storage systems. Hackers deploy various techniques, such as man-in-the-middle attacks, ransomware, phishing schemes, and supply chain compromises, to intercept, manipulate, or steal sensitive data. Organizations that transfer data across multiple jurisdictions often rely on third-party vendors, cloud services, and global data centers, increasing the attack surface and making enforcing consistent security measures difficult.

One of the most significant risks is the interception of unencrypted data during transmission. Attackers use packet-sniffing tools to capture sensitive information traveling between international servers, potentially exposing financial records, intellectual property, and personally identifiable information (PII). The lack of encryption standards across different jurisdictions further complicates this issue, as some countries mandate strong encryption protocols while others impose restrictions on cryptographic techniques.

Legal and Regulatory Inconsistencies Across Jurisdictions

The absence of a unified global regulatory framework for cross-border data transfers presents another significant challenge. Different countries impose varying legal requirements, data localization mandates, and compliance obligations, creating a complex and often contradictory regulatory environment for multinational organizations. For instance, the European Union’s General Data Protection Regulation (GDPR) enforces stringent data protection measures, requiring organizations to implement standard contractual clauses (SCCs) or obtain adequacy decisions before transferring data outside the EU. In contrast, some countries, such as China and Russia, impose strict data localization laws that mandate that sensitive data remain within national borders.

This regulatory fragmentation forces companies to adopt multiple compliance strategies, often increasing operational costs and legal risks. Organizations must conduct thorough due diligence in cross-border data transfers, ensuring their data processing activities align with each jurisdiction’s requirements. However, the lack of standardization leads to inefficiencies, with companies facing delays and legal challenges when transferring customer or business data internationally.

Table 1: Comparison of Key Data Protection Regulations Across Major Jurisdictions

Country/Region | Primary Regulation           | Cross-Border Data Transfer Requirements
European Union | GDPR                         | Requires SCCs, BCRs, or adequacy decisions for transfers outside the EU
United States  | CLOUD Act, HIPAA             | No unified law; sector-specific regulations apply
China          | Cybersecurity Law, PIPL      | Requires government approval for certain data exports
Russia         | Federal Law on Personal Data | Requires storage of personal data within national borders
India          | PDP Bill                     | Proposes strict data localization for critical data
Brazil         | LGPD                         | Allows cross-border transfers with protections similar to the GDPR

This lack of harmonization creates additional compliance burdens for businesses, particularly those operating in multiple countries. Organizations that fail to comply with jurisdictional regulations risk facing substantial fines, legal actions, and restrictions on their ability to conduct business globally.

Challenges in Data Protection and Privacy Compliance

Ensuring data protection and privacy compliance is one of the most significant cybersecurity challenges in cross-border data transfers. As digital transactions and remote work environments grow, companies must implement strong data security measures to prevent unauthorized access and ensure compliance with privacy laws. However, different countries define and enforce privacy regulations in varying ways, making it difficult for companies to implement a one-size-fits-all approach to compliance.

Geopolitical and Economic Risks

Geopolitical tensions and economic disputes between nations also impact the security of cross-border data transfers. Governments frequently introduce trade restrictions, data access laws, and national security policies that directly affect how companies share and process data across borders.

Companies in the finance, healthcare, and technology industries face increased compliance costs due to the need to establish localized data centers in different jurisdictions. The following table highlights the key geopolitical factors that impact cross-border data security:

Table 2: Geopolitical Factors Affecting Cross-Border Data Transfers

Factor                            | Impact on Data Transfers
Trade Restrictions                | Limits data exchange between certain countries
Data Localization Laws            | Requires in-country storage, increasing compliance costs
Government Surveillance Laws      | Allows state access to private-sector data
Cybersecurity Diplomacy Conflicts | Disrupts international cooperation on cybersecurity standards

As geopolitical tensions continue to rise, businesses must remain vigilant in monitoring changes in regulatory policies that could impact their ability to transfer data securely. Proactive engagement with regulators and investment in compliance frameworks can help mitigate these risks and ensure seamless international operations.

Regulatory Compliance Strategies

Regulatory compliance in cross-border data transfers is critical to modern cybersecurity management. It ensures that organizations adhere to international, national, and industry-specific legal frameworks. Regulatory compliance strategies involve a combination of legal agreements, security frameworks, and technological implementations that ensure data privacy while allowing efficient international operations.

Legal Frameworks for Cross-Border Data Transfers

One of the most effective ways to ensure regulatory compliance is by leveraging legal frameworks to facilitate secure cross-border data transfers. Many countries impose strict conditions on data flows, requiring organizations to establish legally binding agreements before transferring personal data internationally. These agreements serve as a contractual assurance that companies will uphold high data protection standards regardless of where the data is stored. Compliance audits play a crucial role in assessing whether businesses adhere to regulatory standards, helping to identify gaps that could lead to legal infractions. A well-structured legal framework not only safeguards businesses from hefty fines but also strengthens their ability to withstand cyber threats by enforcing consistent data protection practices.

Implementation of Privacy-Enhancing Technologies

Beyond legal compliance, organizations must deploy privacy-enhancing technologies (PETs) to mitigate the security risks of cross-border data transfers. PETs are designed to minimize exposure of sensitive data while supporting regulatory adherence. The most widely used PET is encryption, which protects data in transit and at rest against unauthorized access. End-to-end encryption keeps data unreadable to every intermediary between sender and recipient; homomorphic encryption goes further by allowing computation on encrypted data without decrypting it. Data masking and pseudonymization are other key techniques: they replace or obscure personal information so that datasets can be processed or shared without exposing the underlying identifiers, and only an authorized party holding the key or mapping can re-identify a record. These techniques are particularly useful in industries such as finance and healthcare, where regulatory compliance mandates strict data confidentiality.
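Masking and pseudonymization are easy to get wrong in a way that leaks the identifiers they are meant to hide (unkeyed hashes of emails are trivially reversible by dictionary). The following is an added example written for this page, not code from the author or from Securiti.ai: it prepares constructed customer records for export by dropping direct identifiers, replacing them with a keyed HMAC pseudonym that still works as a join key across records, and masking the card number. The key value, field names and sample records are assumptions for the demonstration; in practice the key would be held in a KMS that stays in the exporting jurisdiction.

```python
import hashlib
import hmac
import re

# Hypothetical pseudonymization key (assumption). Keep it outside the importing
# jurisdiction so the recipient cannot reverse or brute-force the pseudonyms.
PSEUDONYM_KEY = bytes.fromhex(
    "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
)
# Fields treated as direct identifiers and removed before export (assumption).
DIRECT_IDENTIFIERS = ("name", "email", "phone", "national_id")

# Constructed sample records: two rows for the same person with differing case
# and formatting, as real CRM exports tend to contain.
SAMPLE_RECORDS = [
    {"name": "Ada Example", "email": "Ada@Example.invalid", "phone": "+1-555-0100",
     "card_number": "4111 1111 1111 1111", "country": "DE", "balance": 1200},
    {"name": "A. Example", "email": "ada@example.invalid", "phone": "+1-555-0100",
     "card_number": "4111-1111-1111-1111", "country": "DE", "balance": 300},
]


def pseudonym(value, key=PSEUDONYM_KEY):
    """Keyed, deterministic pseudonym: equal (normalised) inputs map to the same
    token, but without the key the token reveals nothing about the input."""
    norm = value.strip().lower().encode("utf-8")
    return hmac.new(key, norm, hashlib.sha256).hexdigest()[:32]


def mask_card(pan):
    """Keep only the last four digits of a primary account number."""
    digits = re.sub(r"\D", "", pan)
    return "*" * (len(digits) - 4) + digits[-4:]


def prepare_for_export(record, key=PSEUDONYM_KEY):
    """Return a copy of the record safe to send across the border."""
    out = {"subject_ref": pseudonym(record["email"], key)}  # stable join key
    for field, value in record.items():
        if field in DIRECT_IDENTIFIERS:
            continue  # direct identifiers never leave
        out[field] = mask_card(value) if field == "card_number" else value
    return out


def leaks_identifier(exported, original):
    """Sanity check: no raw identifier value survives anywhere in the export."""
    blob = " ".join(str(v) for v in exported.values()).lower()
    return any(
        str(original[f]).lower() in blob for f in DIRECT_IDENTIFIERS if f in original
    )


if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(prepare_for_export(rec))
```

Because the HMAC is keyed, rotating or destroying the key is enough to sever the link between exported records and the people they describe; a plain SHA-256 of the email would offer no such control.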

Data Localization Compliance Strategies

In response to increasing regulatory concerns, many countries have introduced data localization laws that mandate businesses to store and process specific types of data within national borders. These regulations pose significant compliance challenges for multinational companies that rely on global data exchange to support business operations. Data localization laws vary widely across jurisdictions, with some requiring strict in-country storage while others impose conditional transfer mechanisms. Organizations operating in countries with stringent localization requirements must establish local data centers to comply with regulatory mandates. While this approach ensures legal compliance, it introduces financial and operational burdens, particularly for small and medium-sized enterprises that lack the resources to maintain multiple regional data centers.

Continuous Monitoring and Compliance Automation

Given the dynamic nature of data protection regulations, organizations must adopt continuous monitoring and compliance automation to maintain regulatory adherence. Artificial intelligence (AI) and machine learning (ML) technologies enhance compliance automation by analyzing vast amounts of data to identify patterns and detect anomalies. AI-driven compliance solutions can predict regulatory risks, suggest corrective actions, and optimize data transfer policies to minimize legal exposure. Additionally, blockchain technology offers a secure and transparent method for tracking data transactions, ensuring businesses maintain immutable compliance activity records. Blockchain-based compliance frameworks enhance data integrity and enable organizations to demonstrate regulatory adherence during audits and legal investigations.

Conclusion

The complexities of cross-border data transfers require organizations to adopt a comprehensive cybersecurity and compliance strategy that balances legal requirements, operational efficiency, and data security. The evolving regulatory landscape, characterized by varying national data protection laws, necessitates a proactive approach that includes legally binding frameworks such as Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs), the deployment of privacy-enhancing technologies like encryption and anonymization, and adherence to data localization mandates where applicable. At the same time, the growing threats of cyberattacks, including ransomware, phishing, and insider threats, highlight the need for continuous monitoring, automated compliance solutions, and robust security architectures to safeguard sensitive data during cross-border transactions.

Organizations that fail to align with international data regulations risk financial penalties, reputational damage, and legal liabilities, making it imperative to invest in compliance automation, cybersecurity awareness programs, and collaboration with policymakers to shape regulatory developments. As the digital economy expands, fostering a global framework for secure and compliant data transfer remains a critical priority, requiring continuous adaptation to emerging cybersecurity challenges and legal reforms.

About the author: Arfi Siddik Mollashaik, Solution Architect at Securiti.ai, USA

Arfi Siddik Mollashaik is a Solution Architect at Securiti.ai, USA, a leading enterprise data security, privacy, and compliance firm. The firm specializes in implementing data classification, discovery, privacy, and data subject rights and protection software for organizations worldwide. Having worked with many Fortune 500 companies, he has vast experience enhancing the data protection and privacy programs of healthcare, banking, and financial companies. He can be reached at siddik.mtech@gmail.com.

Pierluigi Paganini



Court Temporarily Halts Columbia Activist’s Deportation


A New York federal court judge ordered Monday that recent Columbia University graduate Mahmoud Khalil cannot be deported from the United States until a further court order. 

“To preserve the Court’s jurisdiction pending a ruling on the petition, Petitioner shall not be removed from the United States unless and until the Court orders otherwise,” wrote Jesse M. Furman, a district judge in Manhattan, in a court order filed late Monday afternoon. The order also set a conference for attorneys on March 12.

Khalil’s attorney Amy Greer had filed a motion opposing his detention on Sunday and attorneys with the Center for Constitutional Rights and Creating Law Enforcement Accountability and Responsibility project at the City University of New York School of Law were expected to file a motion on Monday demanding Khalil’s release.  

During the campus protests that roiled Columbia University over Israel’s war on Gaza, Khalil served as a negotiator and mediator between school administrators and student protesters. A permanent U.S. resident expecting his first child, he graduated in December from Columbia’s School of International and Public Affairs.

Khalil was taken from his New York apartment Saturday evening by U.S. Immigration and Customs Enforcement agents. He is being held without any criminal charges at the LaSalle Detention Facility in Jena, Louisiana, a private jail operated by the GEO Group, according to the ICE detainee tracker. For the first 24 hours of his detention, Khalil’s attorneys and family were in the dark about his whereabouts. 

When ICE agents showed up at Khalil’s home on Saturday, they claimed his student visa had been revoked, said Greer, who filed an initial petition challenging his detention over the weekend.

After learning Khalil was a green card holder, agents refused to release him. Greer said the agents even threatened to arrest his wife, a U.S. citizen who is eight months pregnant.

Khalil’s detention has drawn criticism and concern from rights experts, some Democratic lawmakers, and activists across the Palestinian liberation movement. A petition demanding Khalil’s release amassed more than 1.5 million signatures. Activists see the disappearance and potential deportation of an activist who has not been charged with a crime as a violation of the First Amendment and a new escalation in President Donald Trump’s crackdown on speech critical of Israel and its genocide of Palestinians.

“It sets the really dangerous precedent that this administration can punish its political opponents.”

“This is a very dangerous road that we’re going down,” said Ramya Krishnan, a senior staff attorney at the Knight First Amendment Institute at Columbia University. “That this administration is targeting students and faculty in this country based on their First Amendment-protected speech is deeply troubling and should be troubling not only for visa holders in this country, but for everyone, because it sets the really dangerous precedent that this administration can punish its political opponents in this way.”

“It means that none of us are really safe.”

Trump Takes Credit

Trump claimed credit for Khalil’s arrest on Monday afternoon, citing his previous executive orders targeting what he calls “pro-Hamas” protesters, pledging “this is the first arrest of many to come.” 

“We know there are more students at Columbia and other Universities across the Country who have engaged in pro-terrorist, anti-Semitic, anti-American activity, and the Trump Administration will not tolerate it,” Trump wrote in a statement posted to his Truth Social account. “We will find, apprehend, and deport these terrorist sympathizers from our country — never to return again.” Trump added, “We expect every one of America’s Colleges and Universities to comply.”

Trump campaigned on the promise of deporting pro-Palestinian protesters and during his first days in office signed a pair of executive orders that called for crackdowns on the pro-Palestine protest movement. One of the orders that claims to “combat antisemitism” called on the State Department, Department of Homeland Security, and the Department of Education to track students and faculty who are in the U.S. on visas for possible removal.

When confirming Khalil’s arrest, the Department of Homeland Security alleged that he “led activities aligned to Hamas.” Secretary of State Marco Rubio also said Trump’s administration would be “revoking the visas and/or green cards of Hamas supporters in America so they can be deported.”

Trump administration officials have not been forthcoming about the legal grounds for Khalil’s detention, noted Krishnan, the Knight First Amendment Institute attorney.

“They’re deliberately obfuscating the authority that they’re relying on here,” Krishnan said. “It’s possible that they had a justification at that time, but it’s also possible they’re searching for one now that would justify the actions that they’ve taken against a green card holder.”

The Department of Homeland Security has not yet confirmed an immigration court date for Khalil.

Krishnan said Khalil has a strong First Amendment claim against his deportation. She cited the case of immigrant rights activist Ravi Ragbir, who had been targeted for deportation during Trump's first term. His deportation was halted after his attorneys successfully argued in a lawsuit that the Trump administration was targeting him based on his speech critical of the administration's immigration policies.

“It’s part of a broader pattern by this administration of targeting its political enemies.”

Even so, the chilling effect of Khalil’s arrest is already being felt across the movement, Krishnan said. She has heard from student editors of an undergraduate political science journal who shared that international students have requested to have their articles about Gaza be removed online out of fear of immigration consequences.

“It’s also important not to view this incident in isolation,” she said. “It’s part of a broader pattern by this administration of targeting its political enemies and retaliating against them, not only to silence those specific individuals and organizations, but to chill the speech of citizens more broadly.”

The post Court Temporarily Halts Columbia Activist’s Deportation appeared first on The Intercept.



US stocks drop sharply as Trump hedges on recession


US leader’s tariffs pose uncertainty for investors


Ukraine’s Exports Plunge as Russia’s War Reshapes Economy


Ukraine’s export-to-GDP ratio dropped from 48% before the war to less than 30% since Russia destroyed much of its energy, chemical, mining and metallurgical sectors


Tibetans scuffle with police outside the Chinese Embassy in India as they mark uprising anniversary


Hundreds also march in the seat of the exiled Tibetan government and home of the Dalai Lama


Trump Admin Replaces Biden’s Migrant Entry App With a Migrant Self-Deportation App


The Trump administration has transformed the Biden-era “CBP One” app, which allowed migrants to apply for asylum in the United States from their home countries, into “CBP Home,” a platform aimed at streamlining the self-deportation of illegal immigrants.

CBP Home will automatically replace CBP One on users’ devices, and the Department of Homeland Security can use CBP One registrations to track migrants. Those opting to self-deport can submit their biographical details—including citizenship, intended departure country, contact information, and a photo for identity verification—to Customs and Border Protection, according to Fox News’s Bill Melugin.

The move marks a major shift in policy. The Biden administration used CBP One to process migrants at ports of entry, facilitating their asylum requests and parole into the United States. By the end of Joe Biden’s term, around one million migrants had entered the country through the app, the Washington Free Beacon reported. President Donald Trump ended the program on his first day back in office.

“The CBP Home app gives aliens the option to leave now and self-deport, so they may still have the opportunity to return legally in the future and live the American dream,” Secretary of Homeland Security Kristi Noem said in a statement to Fox News.

“If they don’t, we will find them, we will deport them, and they will never return,” Noem warned, noting that the new platform is “restoring integrity to our immigration system.”

Self-deportation significantly reduces costs for federal immigration authorities, freeing up resources to focus on removing criminal aliens, according to the DHS.

Trump has ramped up immigration enforcement since returning to the White House. Migrant encounters at the southern border have dropped to the lowest level since 2017. A total of 42,048 illegal migrants were removed from the United States between January 21 and February 18, according to Washington Post columnist Marc Thiessen.

The post Trump Admin Replaces Biden’s Migrant Entry App With a Migrant Self-Deportation App appeared first on .



Crews remove ‘Black Lives Matter’ street mural near White House


Mayor Muriel Bowser, a Democrat, ordered the painting and renamed the intersection Black Lives Matter Plaza as a public act of defiance in June 2020


Denmark Open to Joining Peacekeeping Mission in Ukraine


Denmark has been one of the most vocal supporters of Ukraine, though the officials did not specify if troop deployment is among the considerations.
