Mantis Strikes Back: Palestinian Hackers Unleash Havoc
Diving into the shadowy underworld of cyber-espionage, a notorious group known as "Mantis," also tracked as "Arid Viper," "APT-C-23," and "Desert Falcon," is making headlines yet again.
This enigmatic collective, operational since around 2014, has been wreaking havoc on individuals and organizations in Israel and beyond, with origins believed to be rooted in the Palestinian territories.
Although it's rare for groups like these to target the Palestinian community, precedent exists. Mantis doesn't discriminate, casting its cybernetic net on targets in Syria, Turkey, Iraq, Lebanon, and Libya.
Government, military, financial, media, education, energy, and think tanks are all fair game, as long as the group can snatch up sensitive information to fuel their espionage activities.
The most recent Mantis-led campaign, which began in September 2022 and persisted until February 2023, zeroed in on organizations within the Palestinian territories. While this time they steered clear of human rights organizations and government bodies, their tactics remain as devious as ever.
Though no concrete links have been established by threat intelligence experts, bleepingcomputer.com reports that Mantis is a Hamas-backed hacker group notorious for its cunning social engineering attacks on Israeli officials.
Their go-to weapons? Spear-phishing emails and counterfeit social media profiles, designed to deceive targets into installing malware on their devices. It's no surprise that social media, prevalent throughout the Middle East, is the perfect platform for Mantis to strike.
The group's latest cyber-weapon, the Arid Gopher malware, is continuously updated and rewritten to dodge detection. Mantis spares no effort in evading security measures and maintaining a persistent presence in its victims' systems.
Facebook's security team, which recognizes Arid Viper/Mantis as a sophisticated threat actor, previously disrupted the group's activities. Facebook uncovered ten Android malware strains, two iOS malware hashes, eight desktop malware strains, and 179 domains used by Arid Viper for attacks launched via Facebook accounts and other services.
As Mantis continues to prowl the digital landscape, it's a stark reminder that cyber-espionage knows no boundaries, and we must remain vigilant in the face of an ever-evolving threat.