Hamas-linked hackers accused of cyber espionage in Palestine

Hamas-affiliated hackers were involved in five cyberespionage campaigns targeting Palestine and Egypt.

The evidence comes from a new investigation by Slovakian cybersecurity company ESET. The company's analysts discovered five campaigns that distributed Trojan-infected apps to Android users. The attacks focus on spying on user data in Palestine and Egypt.

The campaigns use multi-stage Android spyware that ESET calls “AridSpy.”

To spread the spyware, the hackers used special websites posing as genuine apps. In Palestine, they mainly used a malicious app for the Palestinian civil registry.

“To gain initial access to the device, threat actors try to convince their potential victim to install a fake but functional app,” said Lukáš Štefanko, the ESET researcher who discovered AridSpy.

“Once the target clicks the site's download button, myScript.js, hosted on the same server, is executed to generate the correct download path for the malicious file.”

ESET attributed the campaigns – with “medium confidence” – to the notorious Arid Viper APT group.

Who is Arid Viper?

Arid Viper is also known as APT-C-23, Desert Falcons or Two-tailed Scorpion. Active since at least 2013, the cyberespionage group is notorious for targeting countries in the Middle East. It is also known for delivering a huge arsenal of malware for Android, iOS and Windows platforms.

Cybersecurity vendors have already linked the group to Hamas. It primarily targets facilities in Israel and Palestine, but its influence extends beyond those borders, suggesting a broader geopolitical agenda, analysts say.

However, ESET's new investigation does not assert any political connection. Instead, the company focuses on cyber espionage techniques.

These techniques allow hackers to spy on messaging apps and extract content from devices. ESET said their campaigns began in 2022. Three of them are still active today.

By Mans Life Daily

Carl Reiner has been an expert writer on all things MANLY since he began writing for the London Times in 1988. Fun Fact: Carl has written over 4,000 articles for Mans Life Daily alone!