🎭 SideWinder Deploys Zimbra Clone Against South Asian Government Targets APT g...

🎭 SideWinder Deploys Zimbra Clone Against South Asian Government Targets APT group SideWinder is running a credential harvesting operation against Bangladesh Navy and Pakistan Ministry of Foreign Affairs using a phishing kit on Cloudflare Workers. The attack uses a fake Chrome PDF viewer showing blurred diplomatic documents, then redirects to a pixel-perfect Zimbra login clone that dynamically fetches legitimate CSS and assets via reverse proxy. The campaign was exposed after researchers triggered a server error revealing the developer's Linux username and project structure. The kit employs session management with rotating CSRF tokens and pre-fills usernames after failed logins to trick victims into re-entering credentials. 🛰️ Open sources - closed narratives @sitreports