Cybersecurity researchers have turned the spotlight on a new wave of offensive cyberattacks targeting Palestinian activists and entities starting around October 2021 using politically-themed phishing emails and decoy documents.
The intrusions are part of what Cisco Talos calls a longstanding espionage and information theft campaign undertaken by the Arid Viper hacking group using a Delphi-based implant called Micropsia dating all the way back to June 2017.
The threat actor's activities, also tracked under the monikers Desert Falcon and the APT-C-23, were first documented in February 2015 by Kasperksy and subsequently in 2017, when Qihoo 360 disclosed details of cross-platform backdoors developed by the group to strike Palestinian institutions.
The Russian cybersecurity company-branded Arid Viper the "first exclusively Arabic APT group."
Then in April 2021, Meta (formerly Facebook), which pointed out the group's affiliations to the cyber arm of Hamas, said it took steps to boot the adversary off its platform for distributing mobile malware against individuals associated with pro-Fatah groups, the Palestinian government organizations, military and security personnel, and student groups within Palestine.
Decoy document containing text on Palestinian reunification
The raft of new activity relies on the same tactics and document lures used by the group in 2017 and 2019, suggesting a "certain level of success" despite a lack of change in their tooling. More recent decoy files reference themes of Palestinian reunification and sustainable development in the territory that, when opened, lead to the installation of Micropsia on compromised machines.
The backdoor is designed to give the operators an unusual range of control over the infected devices, including the ability to harvest sensitive information and execute commands transmitted from a remote server, such as capturing screenshots, recording the current activity log, and downloading additional payloads.
"Arid Viper is a prime example of groups that aren't very advanced technologically, however, with specific motivations, are becoming more dangerous as they evolve over time and test their tools and procedures on their targets," researchers Asheer Malhotra and Vitor Ventura said.
"These [remote access trojans] can be used to establish long-term access into victim environments and additionally deploy more malware purposed for espionage and stealing information and credentials."
Related articles
- Pentest Tools Online
- Hacks And Tools
- Hack App
- Blackhat Hacker Tools
- Hack Tool Apk No Root
- How To Make Hacking Tools
- Hacker Techniques Tools And Incident Handling
- Hack Tool Apk
- Hak5 Tools
- Hacker Tool Kit
- Hacking Tools Windows 10
- Hacking Tools 2019
- Hack And Tools
- What Are Hacking Tools
- Hack Tools For Mac
- Hack Tool Apk
- Hack Apps
- Growth Hacker Tools
- Computer Hacker
- Hacker Tools For Mac
- How To Make Hacking Tools
- Nsa Hacker Tools
- Hacker Tools Free
- Best Hacking Tools 2020
- Hacker Tools Software
- Hacker Search Tools
- Hacking Tools Software
- Hack Tools
- Hacker Search Tools
- Hacking Tools For Mac
- Pentest Tools Windows
- What Are Hacking Tools
- Hacking Tools For Pc
- Computer Hacker
- Hacker Tools List
- Pentest Recon Tools
- Hacking Tools Hardware
- Hacking Tools Github
- Bluetooth Hacking Tools Kali
- Hacker Tools 2020
- Pentest Tools Free
- Android Hack Tools Github
- How To Install Pentest Tools In Ubuntu
- Hack App
- Pentest Tools Nmap
- How To Hack
- Hack Tools For Ubuntu
- Tools 4 Hack
- Pentest Tools Find Subdomains
- Pentest Tools Review
- Pentest Tools For Windows
- Hacking Tools For Mac
- Hacker Tool Kit
- Hack Tools Github
- Hacker Tools Hardware
- Hacking Tools Pc
- Hacking Tools For Windows
- Pentest Tools Linux
- Hacking Tools Windows 10
- Hack Tools Online
- Pentest Tools Linux
- Black Hat Hacker Tools
- Best Hacking Tools 2020
- Hack Tools Download
- Usb Pentest Tools
- Hack And Tools
- Pentest Tools Free
- Hacking Tools Pc
- Hack Tools For Games
- Nsa Hack Tools
- Hacking Tools For Windows Free Download
- Free Pentest Tools For Windows
No comments:
Post a Comment