| SYMBOL | COMMON_NAME | aka. SYNONYMS |
In August of 2018, DarkMatter released a report entitled “In the Trails of WINDSHIFT APT”, which unveiled a threat actor with TTPs very similar to those of Bahamut. Subsequently, two additional articles were released by Objective-See which provide an analysis of some validated WINDSHIFT samples targeting OSX systems. Pivoting on specific file attributes and infrastructure indicators, Unit 42 was able to identify and correlate additional attacker activity and can now provide specific details on a targeted WINDSHIFT attack as it unfolded at a Middle Eastern government agency.
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Windy Phoenix WindShift |
| 2019-12-12
⋅
Virus Bulletin
⋅
Cyber espionage in the Middle East: unravelling OSX.WindTail WindTail |
| 2019-04-24
⋅
SpecterOps
⋅
Introducing Venator: A macOS tool for proactive detection AppleJeus WindTail |
| 2019-04-08
⋅
SANS Cyber Security Summit
⋅
Trails of WindShift WindTail ZhMimikatz |
| 2019-02-21
⋅
Palo Alto Networks Unit 42
⋅
Shifting in the Wind: WINDSHIFT Attacks Target Middle Eastern Governments WindShift |
| 2019-01-15
⋅
Obective See
⋅
Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail (part 2) WindTail |
| 2018-12-20
⋅
Objective-See
⋅
Middle East Cyber-Espionage: analyzing WindShift's implant: OSX.WindTail (part 1) WindTail |
| 2018-08-30
⋅
Forbes
⋅
Hackers Are Exposing An Apple Mac Weakness In Middle East Espionage WindTail |
| 2018-01-01
⋅
DarkMatter
⋅
IN THE TRAILS OF WINDSHIFTAPT WindTail WindShift |