New Wave Of Cyber Attacks Target Palestine With Political Bait And Malware

 

Cybersecurity researchers have turned the spotlight on a new wave of offensive cyberattacks targeting Palestinian activists and entities starting around October 2021 using politically-themed phishing emails and decoy documents.

The intrusions are part of what Cisco Talos calls a longstanding espionage and information theft campaign undertaken by the Arid Viper hacking group using a Delphi-based implant called Micropsia dating all the way back to June 2017.

The threat actor's activities, also tracked under the monikers Desert Falcon and the APT-C-23, were first documented in February 2015 by Kasperksy and subsequently in 2017, when Qihoo 360 disclosed details of cross-platform backdoors developed by the group to strike Palestinian institutions.

The Russian cybersecurity company-branded Arid Viper the "first exclusively Arabic APT group."

Then in April 2021, Meta (formerly Facebook), which pointed out the group's affiliations to the cyber arm of Hamas, said it took steps to boot the adversary off its platform for distributing mobile malware against individuals associated with pro-Fatah groups, the Palestinian government organizations, military and security personnel, and student groups within Palestine.

                                    Decoy document containing text on Palestinian reunification

The raft of new activity relies on the same tactics and document lures used by the group in 2017 and 2019, suggesting a "certain level of success" despite a lack of change in their tooling. More recent decoy files reference themes of Palestinian reunification and sustainable development in the territory that, when opened, lead to the installation of Micropsia on compromised machines.

The backdoor is designed to give the operators an unusual range of control over the infected devices, including the ability to harvest sensitive information and execute commands transmitted from a remote server, such as capturing screenshots, recording the current activity log, and downloading additional payloads.

"Arid Viper is a prime example of groups that aren't very advanced technologically, however, with specific motivations, are becoming more dangerous as they evolve over time and test their tools and procedures on their targets," researchers Asheer Malhotra and Vitor Ventura said.

"These [remote access trojans] can be used to establish long-term access into victim environments and additionally deploy more malware purposed for espionage and stealing information and credentials."

Related posts

1. Pentest Tools Review
2. Hacker Techniques Tools And Incident Handling
3. Game Hacking
4. Pentest Tools Alternative
5. Hack Tools Mac
6. Hacker Tools For Mac
7. Hacker Tools Free Download
8. Hak5 Tools
9. Pentest Tools Free
10. Tools Used For Hacking
11. Hack Tools For Windows
12. Hacking Tools For Mac
13. Hack Tools
14. Hacking Tools For Windows
15. Hacking Tools Online
16. Hacker Tools
17. Hacker Tools Github
18. Bluetooth Hacking Tools Kali
19. Kik Hack Tools
20. Pentest Tools Apk
21. Usb Pentest Tools
22. Game Hacking
23. Kik Hack Tools
24. Hacking Tools For Mac
25. Pentest Tools Linux
26. Tools 4 Hack
27. Hacker Tools Linux
28. Hack Tools For Mac
29. Pentest Tools Windows
30. Pentest Tools Review
31. Hacking Tools For Mac
32. Hacking App
33. Hacking Tools Windows
34. Hacker Tools For Mac
35. Hacking Tools Hardware
36. Hacking Tools For Windows
37. Tools For Hacker
38. Beginner Hacker Tools
39. Pentest Tools Online
40. Pentest Tools Subdomain
41. What Are Hacking Tools
42. Kik Hack Tools
43. Hackers Toolbox
44. Github Hacking Tools
45. Hacker Tools List
46. Pentest Tools Online
47. Hack Tools Download
48. Free Pentest Tools For Windows
49. Hack Tools 2019
50. Hacker Tools Apk Download
51. Pentest Tools Website Vulnerability
52. Pentest Tools For Android
53. Beginner Hacker Tools
54. Pentest Tools Website Vulnerability
55. Hacker
56. Best Hacking Tools 2020
57. Hack Tool Apk No Root