The Cyber Security News

Arid Viper Hacking Group Using Upgraded Malware in Middle East Cyber Attacks

April 4, 2023

The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in attacks targeting Palestinian entities since September 2022.

Symantec, which is tracking the group under its insect-themed moniker Mantis, said the adversary is "going to great lengths to maintain a persistent presence on targeted networks."

Also known by the names APT-C-23 and Desert Falcon, the hacking group has been linked to attacks aimed at Palestine and the Middle East since at least 2014.


Mantis has used an arsenal of homemade malware tools such as ViperRat, FrozenCell (aka VolatileVenom), and Micropsia to execute and conceal its campaigns across Windows, Android, and iOS platforms.

The threat actors are believed to be native Arabic speakers based in Palestine, Egypt, and Turkey, according to a report published by Kaspersky in February 2015. Prior public reporting has also tied the group to the cyber warfare division of Hamas.

In April 2022, high-profile Israeli individuals employed in sensitive defense, law enforcement, and emergency services organizations were observed being targeted with a novel Windows backdoor dubbed BarbWire.

Attack chains mounted by the group typically employ spear-phishing emails and fake social media credentials to lure targets into installing malware on their devices.

The most recent attacks detailed by Symantec involve updated versions of the group's custom Micropsia and Arid Gopher implants, used to breach targets before engaging in credential theft and exfiltration of stolen data.

Arid Gopher, an executable written in the Go programming language, is a variant of the Micropsia malware that was first documented by Deep Instinct in March 2022. The switch to Go is not uncommon, as it helps the malware stay under the radar.

Micropsia, in addition to its ability to launch secondary payloads (such as Arid Gopher), is also designed to log keystrokes, take screenshots, and save Microsoft Office files into RAR archives for exfiltration using a bespoke Python-based tool.
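The collection-and-exfiltration behaviour described above (Office documents staged into a RAR archive, then shipped out by a Python-based tool) is the kind of sequence an endpoint detection rule can correlate. The following is an added illustration, not code from the article, Symantec or Deep Instinct: it correlates constructed endpoint telemetry (the event schema, host names, process names, file paths and the 203.0.113.10 address are all invented for this example) and raises an alert when one process reads several Office documents and writes a .rar archive, and a Python interpreter then opens an outbound connection within a short window. The article does not describe the actual tooling's file paths or process names; the thresholds and window are assumptions a defender would tune.

```python
"""Correlation rule: Office documents staged into a RAR archive followed by an
outbound connection from a Python interpreter.  Added example; the telemetry
format, hosts, processes, paths and addresses below are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

OFFICE_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}
MIN_STAGED_DOCS = 3            # assumed threshold: fewer reads look like normal use
WINDOW = timedelta(minutes=10)  # assumed correlation window on either side of the archive


@dataclass
class Event:
    ts: datetime
    host: str
    kind: str          # "file_read" | "file_create" | "net_connect"
    process: str       # image name of the acting process
    path: str = ""     # file path for file events
    dest: str = ""     # remote host:port for network events


@dataclass
class Alert:
    host: str
    archiver: str      # process that wrote the archive
    archive: str
    exfil_process: str
    dest: str


def _ext(path: str) -> str:
    dot = path.rfind(".")
    return path[dot:].lower() if dot >= 0 else ""


def detect_staging_and_exfil(events: List[Event]) -> List[Alert]:
    """Return one alert per RAR archive that was preceded by Office document reads
    from the same process and followed by a Python process connecting outbound."""
    alerts: List[Alert] = []
    by_host: Dict[str, List[Event]] = {}
    for ev in events:
        by_host.setdefault(ev.host, []).append(ev)

    for host, evs in by_host.items():
        evs.sort(key=lambda e: e.ts)
        for idx, ev in enumerate(evs):
            if ev.kind != "file_create" or _ext(ev.path) != ".rar":
                continue
            # Step 1: the archiving process read several distinct Office files
            # shortly before creating the archive.
            staged = {
                e.path for e in evs[:idx]
                if e.kind == "file_read" and e.process == ev.process
                and _ext(e.path) in OFFICE_EXTENSIONS
                and ev.ts - e.ts <= WINDOW
            }
            if len(staged) < MIN_STAGED_DOCS:
                continue
            # Step 2: a Python interpreter connected outbound soon after.
            for e in evs[idx + 1:]:
                if e.ts - ev.ts > WINDOW:
                    break
                if e.kind == "net_connect" and e.process.lower().startswith("python"):
                    alerts.append(Alert(host, ev.process, ev.path, e.process, e.dest))
                    break
    return alerts


def _t(minute: int) -> datetime:
    # Constructed timestamps on a single morning.
    return datetime(2023, 1, 5, 9, minute, 0)


# Constructed sample telemetry: WS-01 is benign activity, WS-02 matches the pattern.
CONSTRUCTED_EVENTS = [
    Event(_t(0), "WS-01", "file_read", "WINWORD.EXE", path=r"C:\Users\ana\memo.docx"),
    Event(_t(4), "WS-01", "file_create", "explorer.exe", path=r"C:\Users\ana\report.rar"),
    Event(_t(6), "WS-01", "net_connect", "python.exe", dest="203.0.113.20:443"),
    Event(_t(0), "WS-02", "file_read", "updater.exe", path=r"C:\Users\bob\a.docx"),
    Event(_t(1), "WS-02", "file_read", "updater.exe", path=r"C:\Users\bob\b.xlsx"),
    Event(_t(2), "WS-02", "file_read", "updater.exe", path=r"C:\Users\bob\c.pptx"),
    Event(_t(3), "WS-02", "file_create", "updater.exe", path=r"C:\Users\Public\stage\docs.rar"),
    Event(_t(5), "WS-02", "net_connect", "python.exe", dest="203.0.113.10:443"),
]

if __name__ == "__main__":
    for alert in detect_staging_and_exfil(CONSTRUCTED_EVENTS):
        print(alert)
```

On the constructed data only WS-02 alerts: on WS-01 the archive was written by a process that read no Office documents, so the later Python connection is not correlated with it. In production the same rule would be fed from EDR file and network telemetry, and the thresholds would be adjusted to the environment's normal archiving behaviour.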


"Arid Gopher, like its predecessor Micropsia, is an info-stealer malware, whose purpose is to establish a foothold, collect sensitive system information, and send it back to a C2 (command-and-control) network," Deep Instinct said at the time.

Evidence gathered by Symantec shows that Mantis deployed three distinct versions of Micropsia and Arid Gopher on three sets of workstations between December 18, 2022, and January 12, 2023, as a way of retaining access.

Arid Gopher, for its part, has received regular updates and complete code rewrites, with the attackers "aggressively mutating the logic between variants" as a detection evasion mechanism.

"Mantis appears to be a determined adversary, willing to put time and effort into maximizing its chances of success, as evidenced by extensive malware rewriting and its decision to compartmentalize attacks against single organizations into multiple separate strands to reduce the chances of the entire operation being detected," Symantec concluded.



Some parts of this article are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.