WINTAPIX Kernel Driver Targeting Middle Eastern Nations


Threat Level
Attack Report

Summary

The WINTAPIX driver, which is protected by VMProtect, targets Saudi Arabia and other Gulf countries. It is possibly linked to Iranian threat actors who exploit Exchange servers to deploy malware.
