New Cyber Attacks Threats to Palestine with Political Bait

New Cyber Attacks Threats to Palestine with Political Bait

Short News:- 

The Arid Viper hacking group has been using a Delphi-based implant called Micropsia since June of last year. There is a "certain level of success" despite a lack of tooling change in the new activity, researchers say. The latest decoy files reference Palestinian reunification and sustainable development in the territory.

Detailed News:- 

Using phishing emails and decoy documents with political overtones, security researchers have discovered a new wave of offensive cyberattacks aimed at Palestinian activists and organizations beginning in October 2021.

According to Cisco Talos, the Arid Viper hacking group has been using a Delphi-based implant called Micropsia since June of last year to conduct espionage and information theft.

First documented by Kasperksy in February 2015 and then by Qihoo 360, the threat actor's activities, also known as the Desert Falcon and the APT-C-23, have since been revealed to have cross-platform backdoors developed by the group to attack Palestinian institutions.

Arid Viper has been dubbed the "first exclusively Arabic APT group" by a Russian cyber security firm.

Following this announcement by the Facebook-owned social media platform Meta (previously known as Facebook) in April 2021, the group was removed from its platform for distributing mobile malware against individuals affiliated with pro-Fatah groups, the Palestinian government organizations, military and security personnel, and students in Palestine.

There is a "certain level of success" despite a lack of tooling change in the new activity, which relies on the same tactics and document lures used by the group between 2017 and 2019. The latest decoy files reference Palestinian reunification and sustainable development in the territory, which, when opened, leads to the installation of Micropsia on compromised machines.

Operators of infected devices can use the backdoor to harvest sensitive information and execute commands sent from a remote server, such as capturing screenshots, recording the current activity log, and downloading additional payload.

Researchers Asheer Malhotra and Vitor Ventura said that "Arid Viper is a prime example of groups that aren't very advanced technologically, but with specific motivations, are becoming more dangerous as they evolve over time."

With the help of [remote access trojans], an attacker can gain continuous control over the systems of their victims, as well as install additional malicious software to spy on them or steal their credentials.