Cybersecurity firm Kaspersky warns that Sri Lanka has become a prime target for SideWinder, the Asia-Pacific region’s most relentless cyber threat group. With a growing interest in military, nuclear, and maritime data, this APT group’s activities could pose serious risks to the island nation’s national security and critical infrastructure.
Global cybersecurity leader Kaspersky has issued a stark warning: Sri Lanka is now firmly in the crosshairs of SideWinder, a notorious advanced persistent threat (APT) group identified as the most aggressive cyber actor in the Asia-Pacific (APAC) region.
The revelation was made during Kaspersky’s recent Cyber Security Weekend in Da Nang, Vietnam, where top researchers unveiled troubling trends in cyber espionage targeting the region. Among them, SideWinder’s growing footprint stood out as a critical concern, particularly for governments, military networks, and critical national infrastructure.
Kaspersky’s Lead Security Researcher, Noushin Shabab of the Global Research and Analysis Team (GReAT), outlined how APT groups like SideWinder are intensifying efforts to infiltrate sensitive sectors across the APAC region. Sri Lanka has now been added to the expanding list of SideWinder’s targets, which already includes countries such as Bangladesh, Cambodia, Vietnam, China, India, the Maldives, Nepal, Myanmar, Indonesia, and the Philippines.
Known for its advanced cyber-espionage tactics, SideWinder primarily focuses on extracting classified government and military intelligence. The group has shown a persistent interest in maritime operations, energy facilities, and logistics infrastructure—areas deemed vital for national security. According to Shabab, the group’s new focus also includes nuclear power plants and high-value energy targets across South Asia.
One of the most alarming aspects of SideWinder’s strategy is its use of sophisticated spear-phishing campaigns. These attacks often arrive in the form of seemingly official emails containing malware-laced attachments. Disguised as regulatory updates or operational memos, the emails, when opened, trigger a malware chain that can grant attackers deep access to networks, allowing them to harvest sensitive operational and personnel data.
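The attachment-based lure described above is something a mail gateway or SOC can screen for mechanically. The following Python script is an added example and is not code from the article or from Kaspersky: it parses an RFC 822 message, inspects each attachment, and flags the patterns such lures commonly rely on (executable or macro-enabled extensions, a benign-looking extension hidden in front of the real one, and a risky declared content type). The sample message, its sender, subject and filenames are constructed here; the extension and MIME lists are assumptions to be tuned for a given environment.

```python
"""Added example (not from the article): triage inbound e-mail attachments
of the kind used in the spear-phishing campaigns described above.
Uses only the standard library so it runs offline."""
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions that commonly carry executable or macro content.
# Assumption: a starting list, not a complete one; tune per environment.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".bat",
                    ".cmd", ".ps1", ".docm", ".xlsm", ".pptm", ".iso", ".img"}
# Benign-looking extensions that attackers place before the real one,
# e.g. "memo.pdf.exe", hoping the client hides the trailing part.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
# Declared content types that should rarely arrive unsolicited (assumption).
RISKY_MIME = {"application/x-msdownload", "application/x-ms-shortcut",
              "application/x-iso9660-image"}


def assess_attachment(filename, content_type):
    """Return the list of reasons this attachment merits review (empty if none)."""
    reasons = []
    name = (filename or "").lower()
    root, ext = os.path.splitext(name)
    if ext in RISKY_EXTENSIONS:
        reasons.append(f"risky extension {ext}")
    # Double extension check: the "inner" extension is what splitext leaves on root.
    _, inner_ext = os.path.splitext(root)
    if inner_ext in DECOY_EXTENSIONS and ext and ext != inner_ext:
        reasons.append(f"double extension {inner_ext}{ext}")
    if content_type in RISKY_MIME:
        reasons.append(f"risky content type {content_type}")
    return reasons


def triage_message(raw_bytes):
    """Parse a raw message and return one finding per suspicious attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename()
        ctype = part.get_content_type()
        reasons = assess_attachment(fname, ctype)
        if reasons:
            findings.append({"filename": fname,
                             "content_type": ctype,
                             "reasons": reasons})
    return findings


def build_sample_message():
    """Constructed sample: a 'regulatory update' lure with two attachments.
    All addresses, subject and filenames are invented for this example."""
    msg = EmailMessage()
    msg["From"] = "notices@example.invalid"
    msg["To"] = "ops@example.invalid"
    msg["Subject"] = "Regulatory update - action required"
    msg.set_content("Please review the attached update before end of day.")
    # Executable disguised with a decoy .pdf in its name.
    msg.add_attachment(b"not really a PDF", maintype="application",
                       subtype="octet-stream", filename="Regulatory_Update.pdf.exe")
    # Ordinary document that should not be flagged.
    msg.add_attachment(b"%PDF-1.4 ...", maintype="application",
                       subtype="pdf", filename="cover_letter.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage_message(build_sample_message()):
        print(finding["filename"], "->", "; ".join(finding["reasons"]))
```

Running the script on the constructed sample reports only the disguised executable, with both the trailing `.exe` and the `.pdf.exe` double extension as reasons; the genuine PDF passes. In practice this check sits in front of, not instead of, content scanning and sandbox detonation, since a macro-bearing `.docx` or an archive wrapping an executable would not be caught by filename alone.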
While Kaspersky did not disclose specific past attacks against Sri Lanka, the inclusion of the country in SideWinder’s active campaign zone raises serious alarms for cybersecurity officials and critical infrastructure operators. The group’s continued activity in the region signals a high likelihood of future infiltration attempts, particularly aimed at government and defense networks.
“These campaigns are not just about stealing data. They’re about gaining a decisive geopolitical edge,” Shabab warned. She emphasized the urgency for countries like Sri Lanka to bolster cybersecurity defenses, enhance threat intelligence capabilities, and remain vigilant against evolving threat vectors.
Kaspersky is currently monitoring more than 900 APT groups and operations globally, with the APAC region drawing increasing attention from cybercriminals. In 2024 alone, the company blocked over 8 million ransomware attacks, discovered more than 200,000 new variants of banking malware, and prevented 62 million malicious online incursions in APAC nations.
For Sri Lanka, the message is clear: cyber threats are no longer hypothetical. They are active, aggressive, and potentially devastating. It is now up to the nation’s public and private sectors to take decisive action to secure the digital frontlines.
