SideWinder Hacks Diplomats Using ClickOnce Attack Chain

A threat actor known as SideWinder has launched a new cyber campaign targeting diplomatic entities across South Asia, including a European embassy in New Delhi. The operation, which began in September 2025, shows SideWinder targeting diplomats with a more advanced attack chain. Researchers say the group now uses malicious PDF files in combination with Microsoft’s ClickOnce deployment technology to deliver its payloads.

The campaign also affected organizations in Sri Lanka, Pakistan, and Bangladesh. Security analysts have observed a clear shift in SideWinder’s tactics, techniques, and procedures, marking a significant evolution in its approach. By exploiting ClickOnce, the group bypasses traditional email defenses and enhances its ability to execute targeted attacks, a refinement that reflects its increasing technical sophistication.

The group’s continued focus on diplomatic targets highlights growing regional cyber tensions. For a detailed breakdown of the campaign and its technical components, read the full report here:
https://thehackernews.com/2025/10/sidewinder-adopts-new-clickonce-based.html
