Cisco Talos has observed a new wave of Delphi malware called Micropsia, developed and operated by the Arid Viper APT group since 2017. This campaign targets Palestinian entities and activists using politically themed lures. The latest iteration of the implant contains multiple RAT and information-gathering capabilities.

Executive summary
Cisco Talos has identified a new wave of what is believed to be an ongoing campaign using Delphi-based malware that has been active since 2017. Talos believes with high confidence that this is the work of the Arid Viper threat actor, a group believed to be based out of Gaza that is known to target organizations all over the world. In the most recent wave, which started around October 2021, the actor uses the Micropsia implant.
This actor uses their Delphi-based Micropsia implant to target Palestinian individuals and organizations, using politically themed file names and decoy documents. The most recent wave uses content originally published on the Turkish state-run news agency Anadolu and on the Palestinian MA’AN development center to target activists and Palestinian institutions. The tactics, techniques and procedures (TTPs) used in the most recent samples found by Talos lead us