SideWinder Adopts New ClickOnce-Based Attack Chain Targeting South Asian Diplomats

A European embassy located in the Indian capital of New Delhi, as well as multiple organizations in Sri Lanka, Pakistan, and Bangladesh, have emerged as the target of a new campaign orchestrated by a threat actor known as SideWinder in September 2025.
The activity “reveals a notable evolution in SideWinder’s TTPs, particularly the adoption of a novel PDF and ClickOnce-based infection chain, in