Last Updated on 03/02/2022 by Nidhi Khandelwal
Researchers have identified a new wave of offensive cyberattacks aimed at Palestinian activists and entities that began in October 2021 and included politically oriented phishing emails and counterfeit documents.
The breaches are part of what Cisco Talos describes as a long-running espionage and data theft effort by the Arid Viper hacking gang, which began in June 2017 and used a Delphi-based implant called Micropsia.
Then, in April 2021, Meta (formerly Facebook) announced that it had taken steps to remove the adversary from its platform for distributing mobile malware against individuals associated with pro-Fatah groups, Palestinian government organisations, military and security personnel, and student groups in Palestine, citing the group’s ties to Hamas’ cyber arm.
Although the group's tooling has not changed, its new activity relies on the same methods and document lures used in 2017 and 2019, which implies those earlier campaigns had a "certain amount of success." The more recent decoy documents refer to Palestinian reunification and sustainable development in the region, and when opened they install Micropsia on the victim's device.
The backdoor is designed to give its operators an extensive level of control over infected devices, including the ability to collect sensitive data and execute commands sent from a remote server, such as capturing screenshots, logging current activity, and downloading additional payloads.