Malware distribution has reached new levels in 2023. Cybercriminals have been performing malicious activities against all sorts of entities. Even the NBA fell victim to an attack recently. Now, a new campaign is targeting organizations and individuals in the Middle East. Who’s the culprit? Arid Viper.
The hacking group also goes by the insect-themed moniker Mantis and has been observed performing malicious practices and cyberattacks in Palestine and the Middle East since 2014.
The group’s campaigns focus on devices running Windows, Android, and iOS. However, that’s not the intriguing part. Not even close! Arid Viper is using refreshed variants of its malware toolkit, and here’s what we know about the attacks.
Arid Viper – A Malicious Mantis Strikes
Cyberattacks are on the rise, and they don’t seem to be stopping anytime soon. Unfortunately, threat actors have been elevating their schemes and tactics, as well as the toolkits and malware variants they’re operating with.
Speaking of elevation, Arid Viper has been active since 2014, utilizing refreshed variants of its malware toolkit in every attack. By refreshed, we mean that the group upgrades its form of attack regularly.
According to reports, the group mainly infiltrates a system by utilizing spear-phishing emails and fake social credentials in order to trick victims into installing malware on their devices.
Kaspersky also reported that Arid Viper has Middle Eastern roots (Arabic-speaking) and operates in Palestine, Egypt, and Turkey. However, the Kaspersky report dates back to 2015, when Arid Viper was probably known as Desert Falcons.
The recent attack, as detailed by Symantec, sees Arid Viper using elevated versions of its custom Micropsia and Arid Gopher implants to infiltrate its targets’ devices and harvest credentials as well as sensitive information.
Arid Gopher is being updated regularly to keep its detection-evasion mechanisms current. According to Symantec:
“Mantis appears to be a determined adversary, willing to put time and effort into maximizing its chances of success, as evidenced by extensive malware rewriting and its decision to compartmentalize attacks against single organizations into multiple separate strands to reduce the chances of the entire operation being detected.”
Throughout its existence, Arid Viper has had several aliases. Whether it’s Mantis, Arid Viper, APT-C-23, or Desert Falcon, the results are the same – a risk to all sectors:
- Military and Government organizations
- Health organizations
- Economic and financial institutions
- Leading media entities
- Research and educational institutions
- Energy and utility providers
- Activists and political leaders
- Physical security companies
The list goes on. They’ve been active for around 9 years, after all – it’s not shocking that they have amassed such a long list of victims.
A Decade of Cybercrime – Multiple Aliases, One Goal
Every day a new cyber threat emerges out of nowhere. Arid Viper has been around for quite some time now, steadily refining its malicious practices by regularly elevating its toolkit.
Such threats are always lurking, just waiting for the right target. If this particular group is your concern at the moment, avoid following links within emails. Not only that, but stay vigilant when it comes to ads on Google, as they might be fake.