Let Streamyx Blog

Cybersecurity researchers have turned the spotlight on a new wave of offensive cyberattacks targeting Palestinian activists and entities starting around October 2021 using politically-themed phishing emails and decoy documents.

The intrusions are part of what Cisco Talos calls a longstanding espionage and information theft campaign undertaken by the Arid Viper hacking group using a Delphi-based implant called Micropsia dating all the way back to June 2017.

The threat actor's activities, also tracked under the monikers Desert Falcon and the APT-C-23, were first documented in February 2015 by Kasperksy and subsequently in 2017, when Qihoo 360 disclosed details of cross-platform backdoors developed by the group to strike Palestinian institutions.

The Russian cybersecurity company-branded Arid Viper the "first exclusively Arabic APT group."

Then in April 2021, Meta (formerly Facebook), which pointed out the group's affiliations to the cyber arm of Hamas, said it took steps to boot the adversary off its platform for distributing mobile malware against individuals associated with pro-Fatah groups, the Palestinian government organizations, military and security personnel, and student groups within Palestine.

                                    Decoy document containing text on Palestinian reunification

The raft of new activity relies on the same tactics and document lures used by the group in 2017 and 2019, suggesting a "certain level of success" despite a lack of change in their tooling. More recent decoy files reference themes of Palestinian reunification and sustainable development in the territory that, when opened, lead to the installation of Micropsia on compromised machines.

The backdoor is designed to give the operators an unusual range of control over the infected devices, including the ability to harvest sensitive information and execute commands transmitted from a remote server, such as capturing screenshots, recording the current activity log, and downloading additional payloads.

"Arid Viper is a prime example of groups that aren't very advanced technologically, however, with specific motivations, are becoming more dangerous as they evolve over time and test their tools and procedures on their targets," researchers Asheer Malhotra and Vitor Ventura said.

"These [remote access trojans] can be used to establish long-term access into victim environments and additionally deploy more malware purposed for espionage and stealing information and credentials."

Related articles

1. Termux Hacking Tools 2019
2. Hacking Tools 2019
3. Pentest Tools Tcp Port Scanner
4. Bluetooth Hacking Tools Kali
5. Pentest Tools Linux
6. Best Pentesting Tools 2018
7. Hacker Tools For Windows
8. Hacking Tools For Beginners
9. Hacker Tools For Ios
10. Physical Pentest Tools
11. Pentest Tools Linux
12. Hack Tool Apk No Root
13. Hacker Tools List
14. Pentest Tools Framework
15. Hack Tools 2019
16. New Hacker Tools
17. Hack Tool Apk No Root
18. Hacker Tools For Pc
19. Hack Tools For Games
20. Install Pentest Tools Ubuntu
21. Hacker Tools Mac
22. Pentest Tools Download
23. Pentest Tools Tcp Port Scanner
24. Hack Tools For Pc
25. Pentest Recon Tools
26. Hacker Tools For Ios
27. Usb Pentest Tools
28. Hacking Tools 2020
29. Hacking Tools For Windows Free Download
30. Hacker Tools For Mac
31. Hack Tools For Games
32. New Hack Tools
33. Hack App
34. Hacking Tools For Windows
35. Underground Hacker Sites
36. Black Hat Hacker Tools
37. Hacker Tools Github
38. Pentest Tools Port Scanner
39. Hacker Tools Windows
40. Hack Tools
41. Physical Pentest Tools
42. Hacker Tools Software
43. Hacking Tools And Software
44. Physical Pentest Tools
45. Hacking Tools Pc
46. Ethical Hacker Tools
47. Hacking Tools For Kali Linux
48. Free Pentest Tools For Windows
49. What Are Hacking Tools
50. Hack Tools
51. New Hack Tools
52. How To Hack
53. Pentest Tools Windows
54. Beginner Hacker Tools
55. Hacker
56. Hack Tools For Pc
57. Hacker Tools For Ios
58. How To Install Pentest Tools In Ubuntu