top of page

Arid Viper: Palestinian entities targeted with refreshed malware toolkit

Since 2014, a Palestinian hacking group going by the name Arid Viper, AKA APT-C-23 and Desert Falcon, has been linked to a number of attacks in the Middle East. The group, which Symantec is now tracking under the moniker Mantis, appears to be renewing its efforts as of late, with refreshed variants of its malware toolkit being observed in attacks targeting Palestinian entities since September of 2020. Mantis has used an array of homegrown malware tools to execute and conceal its campaigns across Windows, Android, and iOS platforms. These tools include ViperRat, FrozenCell (also known as VolatileVenom), and Micropsia. The threat actors are believed to be native Arabic speakers based in Palestine, Egypt, and Turkey, according to a report published by Kaspersky in February 2015. Prior public reporting has also tied the group to the cyber warfare division of Hamas. In April 2020, high-profile Israeli individuals employed in sensitive defense, law enforcement, and emergency services organizations were observed being targeted with a novel Windows backdoor dubbed BarbWire. Attack sequences mounted by the group typically employ spear-phishing emails and fake social credentials to lure targets into installing malware on their devices.


bottom of page