Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks


From September 2022, there have been reports that Arid Viper, who is a cyber attacker, is using new versions of their malicious software toolkit to target entities located in Palestine.

According to Symantec, who is monitoring the group known as Mantis named after insects, the enemy is making significant efforts to sustain a continuous existence on specific networks.

The group of hackers, identified as APT-C-23 or Desert Falcon, has been associated with cyber attacks targeting Palestine and the Middle East since at least 2014.

Mantis has employed a variety of custom-made malicious software tools like ViperRat, FrozenCell (called VolatileVenom), and Micropsia to perform and hide its attacks on Windows, Android, and iOS devices.

According to a report released by Kaspersky in February 2015, it is believed that the threat actors, who are associated with the cyber warfare division of Hamas, originate from Palestine Egypt and Turkey and are fluent in Arabic. This information corroborates earlier reports on this group.

In April of 2022, important Israeli figures working in significant fields such as defense, law enforcement, and emergency services were identified as the victims of a new type of Windows backdoor called BarbWire.

The group generally uses spear-phishing emails and false social credentials to execute their attack plans, which involve deceiving individuals into downloading malware on their electronic devices.

The latest assaults described by Symantec involve the usage of modified forms of its individualized Micropsia and Arid Gopher implants to infiltrate objectives before engaging in theft of confidential information and removal of pilfered data.

Arid Gopher is a program written in the programming language Go, and it's a version of the previously discovered Malware called Micropsia. The creators of Arid Gopher have switched to Go to avoid detection. This shift is not uncommon since Go allows malware to remain undetected.

The Micropsia tool has the capability to launch additional payloads such as Arid Gopher. In addition, it can record keystrokes, capture screenshots, and store Microsoft Office files using a customized Python program in RAR archives for the purpose of extraction.

According to Deep Instinct, Arid Gopher is a type of malware that steals information and shares it with a command-and-control network. Its purpose is to obtain sensitive system data and maintain its presence on the system. This is similar to its predecessor, Micropsia.

Symantec's investigation has revealed that Mantis utilized three different variations of Micropsia and Arid Gopher on separate groups of workstations from December 18, 2022, to January 12, 2023, in order to maintain access.

Arid Gopher has been consistently updated and rewritten by those attacking it, who have altered the logic between versions in order to avoid detection.

Mantis is an opponent with a strong will to succeed, demonstrated by their dedication to refining their malware and dividing targeted attacks into multiple discreet strands in order to lower the risk of total exposure. Symantec determined that an operation has been identified.

Post a Comment

Previous Post Next Post