"New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East"

Since at least May 2020, an unknown threat actor has been observed using a malicious Windows kernel driver in attacks likely targeting the Middle East. Fortinet FortiGuard Labs, which labeled the artifact WINTAPIX (WinTapix.sys), links the malware with low confidence to an Iranian threat actor. According to the researchers, WinTapix.sys is a loader: its primary objective is to produce and execute the next stage of the attack, which it does by running shellcode. Samples and telemetry data analyzed by Fortinet indicate that Saudi Arabia, Jordan, Qatar, and the United Arab Emirates are the campaign's primary targets. The activity has not been attributed to a previously identified threat actor or group. The malicious kernel-mode driver is used to subvert or disable security mechanisms and gain access to the targeted host. This article continues to discuss the researchers' observations and findings regarding the new WinTapix.sys malware.

THN reports "New WinTapix.sys Malware Engages in Multi-Stage Attack Across Middle East"
