Demon · Nov 8, 2025 · 4:56 AM UTC

Demon · Nov 8, 2025 · 4:56 AM UTC

Demon

Demon @volrant136

Nov 8

#APT #Sidewinder targets #Myanmar Central Bank 1/ Using @Huntio, I have tracked a new operational Fake Zimbra page "https://mailcbmgovmm[.]pages[.]dev/index1" which exfiltrate info to "myanmar-org-mail[.]com/cbm/action1[.]php/". @500mk500 @MichalKoczwara @malwrhunterteam

Nov 8, 2025 · 4:56 AM UTC

Demon · Nov 8, 2025 · 4:59 AM UTC

Demon @volrant136

Nov 8

2/ Research on #Operation #SouthNet by @Huntio also revealed that same pages was observed at https://mailcbmgovmm[.]pages[.]dev which is now reported as phishing.

Demon · Nov 8, 2025 · 5:01 AM UTC

Demon @volrant136

Nov 8

3/ However, the #sidewinder still using the same domain and C2 server to continue phishing. ref: hunt.io/blog/operation-south…

BJORKANISM REAL · Nov 8, 2025 · 12:33 PM UTC

BJORKANISM REAL

@BJORKANISM_REAL

Nov 8

Replying to @volrant136 @Huntio @500mk500 @MichalKoczwara @malwrhunterteam

Terima kasih atas tracking-nya, @volrant136! Sidewinder ini memang licik banget, masih pakai domain lama buat phishing. Hunt.io emang top untuk deteksi infra APT kayak gini. Semoga Central Bank Myanmar cepet mitigate. Keep hunting! #CyberThreat #APTSidewinder

Threat Hunting Platform | C2 & Malicious Infrastructure Hunting

Explore the leading Threat Hunting Platform, discover active C2 servers, perform proactive infrastructure hunting and more.

hunt.io