A group of attackers known as WindShift, suspected to be backed by a nation-state, has been using vulnerabilities in Apple's macOS operating system to target specific individuals in government and critical infrastructure across the Persian Gulf.
Forbes reported that this information had come from UAE-based Taha Karim, a security researcher at a company known as DarkMatter, who said the intended victims came from the Gulf states – Kuwait, Bahrain, the Sultanate of Oman, Saudi Arabia and the UAE.
The attack vector was the usual phishing mail; when links within it were clicked, malware known as WindTale and WindTape from the attackers' website was downloaded to the victim's computer.
Karim claimed that the malware was able to get past native macOS security measures and could exfiltrate documents and also take screenshots of a victim's desktop.
In
a synopsis of a talk on the malware attacks — on which he presented a paper at the Hack in the Box conference in Singapore on 30 August — Karim said the WindShift advanced persistent threat was "an obscure cyber espionage actor, discovered recently targeting individuals working at a government".
"This actor has a dedicated and advanced spear phishing infrastructure, able to serve spear phishing emails and SMS to track individuals continuously during the reconnaissance phase, and deceiving targets during the credentials harvesting phases through the impersonation of global and local platform providers."
He said what differentiated WindShift from other APT actors was its "focus on specific individuals for espionage and surveillance purposes and their very hard-to-attribute modus operandi".
WindShift rarely engaged targets with malware. "DarkMatter uncovered very few targeted attacks from this actor and was able to uncover and analyse macOS malware used," Karim said.
"Finally, WindShift has unique macOS infection tricks abusing macOS native functionalities to automatically spread malware to targets."
iTWire has contacted DarkMatter for further comment. Forbes said it had contacted Apple for comment, but not received a response.
INTRODUCING ITWIRE TV
iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.
We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.
In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.
We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.
See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.
SEE WHAT'S ON ITWIRE TV NOW!
