Hamas-Linked Hacker Group Accused of Orchestrating Attacks in Palestine & Egypt
- A Hamas-linked hacker group called Arid Viper has been accused of orchestrating at least 5 attacks across Egypt and Palestine.
- The revelation was made by popular research group ESET, who also put together a detailed analysis of its attack technique.
- The most concerning news is that at least 3 of the 5 campaigns run by the hacker group are still active.
A Hamas-linked hacker group has been accused of orchestrating cyber attacks across Palestine and Egypt.
The group is called Arid Viper and has been active since 2013, targeting its victims through an Android spyware called AridSpy. This is the first time researchers have been able to zero in on the group and put together a detailed analysis of its malware. The attacks were first discovered by ESET, a cybersecurity company based in Slovakia.
ESET found that the group was attacking through Trojanized Android apps, mostly messaging apps. Five such attacks targeting Palestine and Egypt have already been discovered.
How Does the Malware Work?
Here's a detailed rundown of how Arid Viper's malware works:
Step 1: Malicious Apps
The compromised apps are mostly distributed through websites that impersonate real apps.
- For example, for its victims in Palestine, the hacker group impersonated the Palestinian Civil Registry app.
- On the other hand, in Egypt, the malicious app was impersonating another legitimate app called LapizaChat. Some fake job postings were hiding the malicious links.
Once the victim clicks on the download link, myScript.js, hosted on the same server, is executed. It creates the correct download path for the malicious file. This is where the first stage of the attack ends.
Step 3: Data Exfiltration
The second stage initiates data exfiltration. Analysts at ESET found that these hackers were able to extract all sorts of information such as device location, messages, clipboard data, video recordings, and loads more.
In some cases, the criminals were also able to gain control over the data by taking pictures and recording audio.
The worst part is that at the time of writing, 3 out of the 5 discovered campaigns are still running and the hacker group is probably out there updating AridSpy so that their attacks can't be discovered again.
A Little about Arid Viper
Arid Viper has several other names. You might know it as Desert Falcons, APT-C-23, or Two-tailed Scorpion.
The cybercrime group has been active for more than a decade now and is known for mostly targeting countries in the Middle East. Israel and Palestine are its primary targets, but its reach extends beyond that, too.
In 2022, the group used AridSpy to disrupt the FIFA World Cup that was held in Qatar.
The group has been linked to Hamas, a Palestinian militant group, but no solid evidence has been found of this connection. ESET researchers also didn't find any government connections with the group.
Cybersecurity Atmosphere in the Hamas-Israel War
The Hamas-Israel war has brought a wave of social media misinformation with it. From false war scenes and deepfake videos to conspiracy theories and malign influences, almost all social media platforms are plagued with disinformation.
The EU had issued warnings to social media giants TikTok and Meta, asking them to combat the issue at the earliest. X's content moderation regulations also received a lot of backlash for its inadequacies.
Although the misinformation seems to have subsided during the last few months, these cyberattacks still plague the internet in the Middle East.
The post Hamas-Linked Hacker Group Accused of Orchestrating Attacks in Palestine & Egypt appeared first on The Tech Report.