Shapeshift

Malware updated 6 months ago (2024-05-04T19:06:23.087Z)
Shapeshift is a sophisticated malware associated with other malicious software including DROPSHIFT, TURNEDUP, NANOCORE, NETWIRE, and ALFA Shell. This malware has been linked to APT33 (also known as Elfin or Refined Kitten), an Iranian hacking group notorious for its spear-phishing attacks against the aerospace and energy sectors. The Shapeshift malware exploits computer systems through suspicious downloads, emails, or websites, often infiltrating without the user's knowledge. Once inside, it can cause significant damage by stealing personal information, disrupting operations, or even holding data hostage for ransom.

APT33 has employed Shapeshift in several notable incidents, using spear-phishing emails specifically targeted at employees whose roles are connected to the aviation industry. These targeted attacks have had significant impacts on both individuals and organizations within this sector. In one instance reported by The Hacker News in December 2022, a campaign dubbed "Peach Sandstorm" saw Iranian hackers, likely linked to APT33, strike the diamond industry, further demonstrating the group's broad range of targets and their use of Shapeshift malware.

The rise of digital assets has also seen the co-opting of the industry by various groups, as reported in CoinGeek’s Crypto Crime Cartel series. Groups ranging from BitMEX to Binance, Bitcoin.com, Blockstream, ShapeShift, Coinbase, Ripple, Ethereum, FTX, and Tether have turned the industry into a minefield for both naive and experienced market players. While the direct involvement of Shapeshift malware in these activities is not explicitly stated, the association of the name suggests a potential link that warrants further investigation.
Description last updated: 2023-10-10T23:48:31.100Z
Aliases
We are not currently tracking any aliases.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Source Document References
Information about the Shapeshift Malware was read from the documents corpus below.