WindShift is a threat actor, also known as Windy Phoenix. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does WindShift exploit?

Specific CVE exploitation data for WindShift is being tracked. Check the Strobes VI threat actor profile for updates.

WindShift

Also known as: Windy Phoenix

Exploited CVEs

Overview

In August of 2018, DarkMatter released a report entitled “In the Trails of WINDSHIFT APT”, which unveiled a threat actor with TTPs very similar to those of Bahamut. Subsequently, two additional articles were released by Objective-See which provide an analysis of some validated WINDSHIFT samples targeting OSX systems. Pivoting on specific file attributes and infrastructure indicators, Unit 42 was able to identify and correlate additional attacker activity and can now provide specific details on a targeted WINDSHIFT attack as it unfolded at a Middle Eastern government agency.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database