The threat actor known as Arid Viper has been observed using refreshed variants of its malware toolkit in its attacks targeting Palestinian entities since September 2022.
Symantec, which is tracking the group under its insect-themed moniker Mantis, said the adversary is “going to great lengths to maintain a persistent presence on targeted networks.”
Also known by the names APT-C-23 and Desert Falcon, the hacking group has been linked to attacks aimed at Palestine and the Middle East at least since 2014.
Mantis has used an arsenal of homemade malware tools such as ViperRat, FrozenCell (aka VolatileVenom), and Micropsia to execute and conceal its campaigns across Windows, Android, and iOS platforms.
The threat actors are believed to be native Arabic speakers and based in Palestine, Egypt, and Turkey, according to a report published by Kaspersky in February 2015. Prior public reporting has also tied the group to the cyber…