The Trails of WINDSHIFT APT

Explore the intricate workings of the WINDSHIFT APT, an elusive cyber espionage actor, in this 55-minute conference talk from the Hack In The Box Security Conference. Delve into the unique characteristics that set WINDSHIFT apart from other APT groups, including their focused targeting of specific individuals for surveillance purposes and their difficult-to-attribute modus operandi. Examine their advanced spear phishing infrastructure, which employs both email and SMS to track targets during reconnaissance and credential harvesting phases. Uncover the rare instances of malware deployment by WINDSHIFT, including the newly discovered macOS malwares WINDTAIL and WINDTAPE. Learn about their distinctive infection techniques that exploit native macOS functionalities for automatic malware propagation. Follow the presenter, Taha Karim, a Principal Malware researcher at Dark Matter LLC, as he guides you through the reconnaissance, credentials harvesting, malware spreading, disappearing, and escape phases employed by this sophisticated threat actor.