 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
APT group: WindShift| Names | WindShift (DarkMatter) Windy Phoenix (Palo Alto) | |
| Country | [Unknown] | |
| Motivation | Information theft and espionage | |
| First seen | 2018 | |
| Description | (Palo Alto) In August of 2018, DarkMatter released a report entitled “In the Trails of WindShift APT”, which unveiled a threat actor with TTPs very similar to those of Bahamut. Subsequently, two additional articles were released by Objective-See which provide an analysis of some validated WindShift samples targeting OSX systems. Pivoting on specific file attributes and infrastructure indicators, Unit 42 was able to identify and correlate additional attacker activity and can now provide specific details on a targeted WindShift attack as it unfolded at a Middle Eastern government agency. | |
| Observed | Sectors: Government. Countries: Middle East. | |
| Tools used | WindTail. | |
| Information | <https://unit42.paloaltonetworks.com/shifting-in-the-wind-windshift-attacks-target-middle-eastern-governments/> <https://gsec.hitb.org/materials/sg2018/D1%20COMMSEC%20-%20In%20the%20Trails%20of%20WINDSHIFT%20APT%20-%20Taha%20Karim.pdf> | |
| MITRE ATT&CK | <https://attack.mitre.org/groups/G0112/> | |
| Playbook | <https://pan-unit42.github.io/playbook_viewer/?pb=windyphoenix> | |
Last change to this card: 10 March 2024
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |