The Arid Viper cyberattack group is back with a new campaign targeting Palestinian organizations and activists.
The advanced persistent threat (APT) group, believed to be located in Gaza — an area of conflict and hotbed of tension between Israel and Palestine — attacks organizations worldwide but currently appears to be focused on entities related to Palestine’s politics.
Arid Viper, also known as Desert Falcon, Two-tailed Scorpion, or APT C-23, has been around since at least 2015. In the past, the group has been responsible for spear phishing attacks against Palestinian law enforcement, the military, educational establishments, and the Israel Security Agency (ISA).
The group has previously used both Windows and Android malware, the latter spread through fake app stores. Delphi malware, however, has featured heavily in previous campaigns and still seems to be the weapon of choice for Arid Viper.
On Wednesday, researchers from Cisco Talos said the ongoing campaign uses a Delphi-based Micropsia implant to strike activists.
“The most recent samples found by Talos lead us to believe this is a campaign linked to the previous campaign we reported on in 2017,” the researchers say, adding that the main focus of Arid Viper is on cyberespionage — and targets