Cyber-Attacks: Political Bait And Malware Are Being Used To Target Palestine

Researchers have identified a new wave of offensive cyberattacks aimed at Palestinian activists and entities. The wave began in October 2021 and included politically themed phishing emails and fake documents. The attacks are part of what Cisco Talos describes as a long-running espionage and data theft effort by the Arid Viper hacking group, which began in June 2017 and used a Delphi-based implant called Micropsia.

The threat actor’s operations, also tracked under the names APT-C-23 and Desert Falcon, were documented by Kaspersky in February 2015, and then again in 2017, when Qihoo 360 revealed details of cross-platform backdoors designed by the group to attack Palestinian institutions.

In April 2021, Meta (formerly Facebook) announced that it had taken steps to remove the threat actor from its platform for distributing mobile malware against individuals associated with pro-Fatah groups, Palestinian government organisations, military and security personnel, and student groups in Palestine, citing the group’s ties to Hamas’ cyber arm.

The group’s latest activity relies on the same methods and documents used in 2017 and 2019. That the group has not changed its tooling indicates a certain amount of success. More recent fake files refer to Palestinian reunification and sustainable development in the territory, and when opened, they install Micropsia on infected devices.

Finally, the researchers concluded that Arid Viper is a perfect example of groups that aren’t extremely technologically advanced, but with certain motives are evolving over time and testing their tools and methods on their targets. These can be exploited to get long-term access to victim environments and then deploy further malware aimed at espionage and stealing data and passwords.
