Windshift: Malware Recycled

A recently published deck (PDF) by Abu Dhabi-based DarkMatter’s Taha Karim draws an interesting conclusion: that an Indian cybersecurity group called Appin, active a few years ago, was either targeted by an advanced APT group (and its tools stolen), had its tools stolen by a rogue employee, or sold its tools to a third party. The reason: Karim found evidence of Appin’s tools and infrastructure in covert hacks into governments by a group with overlaps to several existing APT actors, some with links to Russia.

The groups that Karim’s report finds overlaps with (in modus operandi, infrastructure, similarities in coding practice, etc.) are:

The possible connection with Appin lies in a likely rewrite of surveillance malware called Hack Back, aka KitM OSX: DarkMatter found the exact same helper function re-used, the same C&C servers and some other similarities.
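The kind of overlap DarkMatter describes (a helper function that survives a rewrite, C&C hosts shared between two campaigns) is something a defender can score mechanically once indicators have been extracted from both samples. The script below is an added example, not code from the post or from DarkMatter’s report: it normalises C&C hosts (case, scheme, port, trailing dot) and masks addresses and constants in function bodies before hashing them, so that a relocated but otherwise identical function still matches, then reports shared indicators and a Jaccard similarity for each category. All sample data (the hosts, the pseudo-assembly bodies, the sample names) is constructed for illustration; the function names `normalize_host`, `normalize_function`, `function_hash`, `build_profile` and `overlap_report` are this example’s own.

```python
"""Added example: score code and infrastructure overlap between two malware
sample profiles. Not from the original post or DarkMatter's report; every
indicator below is constructed."""
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SampleProfile:
    """Indicators extracted from one sample: C&C hosts plus hashes of its functions."""
    name: str
    c2_hosts: frozenset
    function_hashes: frozenset


def normalize_host(raw: str) -> str:
    """Reduce 'HTTPS://Host.example:443/path' or 'host.example.' to 'host.example'."""
    host = re.sub(r"^[a-z]+://", "", raw.strip().lower())
    host = host.split("/", 1)[0].split(":", 1)[0]
    return host.rstrip(".")


def normalize_function(body: str) -> str:
    """Mask hex constants/addresses and collapse whitespace so a relocated copy
    of the same function normalises to the same text."""
    body = re.sub(r"\b0x[0-9a-f]+\b", "CONST", body.lower())
    return re.sub(r"\s+", " ", body).strip()


def function_hash(body: str) -> str:
    """Short, stable hash of the normalised function body."""
    return hashlib.sha256(normalize_function(body).encode()).hexdigest()[:16]


def build_profile(name: str, c2_hosts, function_bodies) -> SampleProfile:
    return SampleProfile(
        name,
        frozenset(normalize_host(h) for h in c2_hosts),
        frozenset(function_hash(b) for b in function_bodies),
    )


def jaccard(a: frozenset, b: frozenset) -> float:
    """|A ∩ B| / |A ∪ B|; 0.0 when both sets are empty."""
    if not a and not b:
        return 0.0
    return len(a & b) / len(a | b)


def overlap_report(p: SampleProfile, q: SampleProfile) -> dict:
    """Shared indicators and per-category similarity between two profiles."""
    return {
        "samples": (p.name, q.name),
        "shared_c2": sorted(p.c2_hosts & q.c2_hosts),
        "shared_functions": sorted(p.function_hashes & q.function_hashes),
        "c2_similarity": jaccard(p.c2_hosts, q.c2_hosts),
        "code_similarity": jaccard(p.function_hashes, q.function_hashes),
    }


# Constructed pseudo-assembly. HELPER_NEW is HELPER_OLD rebuilt at a different
# base address; LOGGER_OLD and UPLOADER_NEW are unrelated routines.
HELPER_OLD = """
push ebp
mov ebp, esp
push 0x4010a0
call 0x401000
mov eax, [ebp+0x8]
pop ebp
ret
"""
HELPER_NEW = """
    push ebp
    mov  ebp, esp
    push 0x4020a0
    call 0x402000
    mov  eax, [ebp+0x8]
    pop  ebp
    ret
"""
LOGGER_OLD = "push ebp\nmov ebp, esp\ncall 0x401500\nxor eax, eax\npop ebp\nret"
UPLOADER_NEW = "push ebp\nmov ebp, esp\nsub esp, 0x100\ncall 0x403000\nleave\nret"

# Constructed profiles; hosts use documentation/reserved ranges and a .test domain.
OLD_SAMPLE = build_profile(
    "older sample (constructed)",
    ["Update.Example-C2.test.", "203.0.113.10"],
    [HELPER_OLD, LOGGER_OLD],
)
NEW_SAMPLE = build_profile(
    "newer sample (constructed)",
    ["https://update.example-c2.test:443/gate", "198.51.100.7"],
    [HELPER_NEW, UPLOADER_NEW],
)

if __name__ == "__main__":
    for key, value in overlap_report(OLD_SAMPLE, NEW_SAMPLE).items():
        print(f"{key}: {value}")
```

On the constructed data the two profiles share one C&C host and one function hash despite the different base address, casing, port and path, which is exactly the signal that survives a rewrite. The masking is deliberately coarse; on real samples a disassembler’s normalised instruction stream (or an existing fuzzy-hashing tool) replaces the regex, but the scoring logic is the same.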

DarkMatter calls the APT it has discovered Windshift and says it is currently targeting governments using Appin tools. It does not attempt attribution, says the group has been operating since at least January 2017, goes after specific individuals (judging from the screenshots, in Gulf states) using “versatile, sophisticated and unpredictable” spearphishing, and is still active.

Appin was an Indian cybersecurity company blamed in some accounts for cyberespionage attacks back in 2013. The company fiercely denied the reports. Not much has been heard of the company since, though reports of its tools appearing elsewhere have surfaced from time to time. Last year a company called Cymmetria believed it saw a connection with Appin in an attack it called Patchwork, which was aimed at South Asian and Southeast Asian targets and appeared to be ‘pro-Indian’:

Carefully, we feel obligated to note that further evidence suggests potential links between this threat actor and the operations known as Hangover/Appin, but this possible link is still being researched and is far from conclusive.

Appin has been out of the public eye for a few years now, but its CEO, Rajat Khare has recently resurfaced as an investor, via his Boundary Holding company, in a Singapore video analytics startup called XRVision.

Microsoft, never sexy, grows up

By Jeremy Wagstaff

We didn’t really notice it but the past week or so has seen the passing of an era. We are no longer in a world where Microsoft wants to peer through our Windows, as it were. As Ben Thompson noted in his Stratechery newsletter, the company’s recent Ignite Conference passed largely unnoticed by the wider world, in part because it was aimed squarely at “information technology professionals”. All the talk was of cloud, AI, office.

This is the market for Microsoft these days, not consumers. No more queuing up round the block for the next version of Windows. No more bossing you around to get Microsoft’s own browser to be the default on your computer. Well, actually, that’s not completely true. In September, Microsoft did try to prod Windows 10 users away from Google’s Chrome or Firefox browsers but later thought better of it. Bad habits die hard.

It’s not that Macs have taken over from PCs, though if you attend any geek fest, or give a lecture, you’re bound to be struck by how many MacBooks there are. MacBooks are about the 4th biggest brand of notebook out there — all the rest run Windows. But of course people aren’t using notebooks, or laptops, or whatever we call them, as much anymore. We use smartphones. In the last quarter there were 350 million smartphones shipped. In the same quarter there were 62 million PCs shipped. (And as smartphones get bigger and more powerful, they are also nudging out tablets, of which only 33 million were shipped in the quarter, the 15th straight quarterly decline.)

The stark reality: Microsoft, which you may recall once owned Nokia’s handset business, is no longer in the consumer mobile phone business, and is in full and open retreat. Last month it said it would not update its Office Mobile apps, which had been designed for its Windows Phone and smaller Windows 10 tablets. Tellingly, and perhaps humiliatingly, it is continuing to develop versions of the apps for Android and Apple’s iOS.

This doesn’t mean that Microsoft is out of the consumer world. Its Surface devices get good press, some more are about to be announced, and 700 million PCs are running the latest version of Windows. But the world has changed and Microsoft has woken up to it. Apple now produces the devices we like to stroke; Google produces the operating system every manufacturer of a mobile device will happily install; others will sit happily somewhere in between. Microsoft, under Nadella, has realised that sitting on the device at your workplace, and increasingly in the cloud behind it, is not a bad place to be. If it can also be one of the main apps that you use on your Galaxy or iPhone all the better.

It won’t be a sexy business, but Microsoft, let’s face it, was never sexy. We took their stuff, from the mid 1980s to the late noughties, because we weren’t seriously offered anything else. We were in a way the enterprise customer of today: we accepted what we were given, and made the most of it. Installing apps seemed somehow radical, unless they were from Microsoft — and most were, let’s face it, from word processing to encyclopedias. Microsoft was the Ford of the computer world.

But now the world is a lot different from 20 years ago, when what we saw on our desktop screens was the vista of our digital world (no accident that the default Windows desktop background was a sloping field leading to an enticing blue sky). Microsoft could box us in because it was the only window we had onto that world; now we have a mobile phone which, while smaller, moves around with us, holding our gaze. Soon virtual, augmented and mixed realities will be the new normal. In between will sit algorithms, data, artificial intelligence, sensors and haptics, collecting, anticipating, feeling, trying to understand us better. The consumer world will move a little too quickly for some.

The enterprise, on the other hand, will be what the consumer world once was: less demanding, more uniform, led by the demands of security, compatibility, standards and efficiency. There will be overlaps, and a lot of the AI and other innovations driving the consumer world will be there in the enterprise world too. But the enterprise will be a safer bet for Microsoft, one it understands better. It may do very well.